author | Francis Lavoie <lavofr@gmail.com> | 2022-01-18 14:19:50 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-18 12:19:50 -0700 |
commit | a79b4055e56dc4e2f2caaae9aea555d1be471948 (patch) | |
tree | 7eae1be2a7ec8d5d7f298c9e196c7fe85fa7c444 | |
parent | 5a0715689444537cf2c41e3362468b97f31493b6 (diff) |
caddytls: Add internal Caddyfile `lifetime`, `sign_with_root` opts (#4513)
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_internal_options.txt | 54 | ||||
-rw-r--r-- | modules/caddytls/internalissuer.go | 21 |
2 files changed, 74 insertions, 1 deletions
diff --git a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
new file mode 100644
index 0000000..7298a37
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
@@ -0,0 +1,54 @@
+a.example.com {
+ tls {
+ issuer internal {
+ ca foo
+ lifetime 24h
+ sign_with_root
+ }
+ }
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "a.example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "a.example.com"
+ ],
+ "issuers": [
+ {
+ "ca": "foo",
+ "lifetime": 86400000000000,
+ "module": "internal",
+ "sign_with_root": true
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 5de3af5..ba6055e 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -149,7 +149,9 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
 // UnmarshalCaddyfile deserializes Caddyfile tokens into iss.
 //
 // ... internal {
-// ca <name>
+// ca <name>
+// lifetime <duration>
+// sign_with_root
 // }
 //
 func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
@@ -160,6 +162,23 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 if !d.AllArgs(&iss.CA) {
 return d.ArgErr()
 }
+
+ case "lifetime":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ dur, err := caddy.ParseDuration(d.Val())
+ if err != nil {
+ return err
+ }
+ iss.Lifetime = caddy.Duration(dur)
+
+ case "sign_with_root":
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ iss.SignWithRoot = true
+
 }
 }
 } |
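Review bot: The doc comment on UnmarshalCaddyfile now lists `lifetime <duration>` and `sign_with_root` but does not say what either does, and `sign_with_root` is a trust decision the reader should not have to guess at. Judging by the name and the `SignWithRoot` field set in the next hunk, it makes the root key sign leaf certificates directly rather than the intermediate; that is worth one line, for example `// sign_with_root signs leaf certificates with the root instead of the intermediate (presumably keeps the root key in use for every issuance; confirm).` A matching line for `lifetime` should state that it is the validity period of issued certificates and name the default if there is one.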
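Review bot: The new `lifetime` case reads one argument with `d.NextArg()` and never checks for trailing tokens, so `lifetime 24h 7d` is accepted and the second value is silently dropped. The `ca` case just above uses `d.AllArgs`, and `sign_with_root` rejects extra arguments. Matching that would be `var val string` followed by `if !d.AllArgs(&val) { return d.ArgErr() }`. The parse failure is also returned bare, so the operator gets no file or line for a bad certificate lifetime; `return d.Errf("parsing lifetime %q: %v", val, err)` would carry the position. Nothing in this hunk rejects a zero or negative duration either; that may be validated where the issuer is provisioned, which is not shown here. UnmarshalCaddyfile starts and ends outside the hunk.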