From d0890d399c0ad7af09a41181b00d7af6f42223e4 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Wed, 8 Dec 2021 10:48:52 -0700
Subject: [PATCH] envoyconfig: fix tls_downstream_client_ca for non-standard
 ports (#2802)

---
 config/envoyconfig/listeners.go      | 2 +-
 config/envoyconfig/listeners_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/envoyconfig/listeners.go b/config/envoyconfig/listeners.go
index 0f0cb4311..567bc51c7 100644
--- a/config/envoyconfig/listeners.go
+++ b/config/envoyconfig/listeners.go
@@ -853,7 +853,7 @@ func hostMatchesDomain(u *url.URL, host string) bool {
 func getPoliciesForDomain(options *config.Options, domain string) []config.Policy {
 	var policies []config.Policy
 	for _, p := range options.GetAllPolicies() {
-		if p.Source != nil && hostMatchesDomain(p.Source.URL, domain) {
+		if p.Source != nil && p.Source.URL.Hostname() == domain {
 			policies = append(policies, p)
 		}
 	}
diff --git a/config/envoyconfig/listeners_test.go b/config/envoyconfig/listeners_test.go
index a49b11ae4..6db5a70b3 100644
--- a/config/envoyconfig/listeners_test.go
+++ b/config/envoyconfig/listeners_test.go
@@ -604,7 +604,7 @@ func Test_buildDownstreamTLSContext(t *testing.T) {
 			Key:  aExampleComKey,
 			Policies: []config.Policy{
 				{
-					Source:                &config.StringURL{URL: mustParseURL(t, "https://a.example.com")},
+					Source:                &config.StringURL{URL: mustParseURL(t, "https://a.example.com:1234")},
 					TLSDownstreamClientCA: "TEST",
 				},
 			},