authorMark Sargent <99003+sarge@users.noreply.github.com>2020-02-13 09:07:25 +1300
committerGitHub <noreply@github.com>2020-02-12 13:07:25 -0700
commiteb80165583776d878256359f1635ffa9a17f0171 (patch)
tree867c44c12fb5d6923dc2cf68f040e53969fd26dc
parent17d938fc54b347d54a4f56c1f0d6e92c65033548 (diff)
tls: Add acme_ca_root and tls/ca_root to caddyfile (#3040)
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go10
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go2
-rw-r--r--caddyconfig/httpcaddyfile/parser_test.go18
3 files changed, 29 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 29ca0be..bac12da 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -116,6 +116,9 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
if acmeCA := h.Option("acme_ca"); acmeCA != nil {
mgr.CA = acmeCA.(string)
}
+ if caPemFile := h.Option("acme_ca_root"); caPemFile != nil {
+ mgr.TrustedRootsPEMFiles = append(mgr.TrustedRootsPEMFiles, caPemFile.(string))
+ }
for h.Next() {
// file certificate loader
@@ -232,6 +235,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err)
}
mgr.Challenges.DNSRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, h.warnings)
+
+ case "ca_root":
+ arg := h.RemainingArgs()
+ if len(arg) != 1 {
+ return nil, h.ArgErr()
+ }
+ mgr.TrustedRootsPEMFiles = append(mgr.TrustedRootsPEMFiles, arg[0])
default:
return nil, h.Errf("unknown subdirective: %s", h.Val())
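Review bot: Neither new append site checks whether the path is already listed — the `acme_ca_root` global in the first hunk and the `ca_root` case in the second both do a bare `append` to `mgr.TrustedRootsPEMFiles`, so a config that sets both to the same file (exactly what the new parser_test case does) lists it twice in the resulting config; a small membership loop before each append, or de-duplicating once after the `for h.Next()` loop, would keep the output tidy. The `ca_root` case also carries no comment saying what the file is, so I would add `// ca_root: PEM file of root certificates to trust when talking to the ACME CA; presumably appended alongside any acme_ca_root global, never replacing it` above `case "ca_root":` and confirm the wording against the TrustedRootsPEMFiles field doc. parseTLS starts and ends outside both hunks.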
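--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -71,7 +71,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 val, err = parseOptExperimentalHTTP3(disp)
 case "storage":
 val, err = parseOptStorage(disp)
-case "acme_ca", "acme_dns":
+case "acme_ca", "acme_dns", "acme_ca_root":
 val, err = parseOptACME(disp)
 case "email":
 val, err = parseOptEmail(disp)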
diff --git a/caddyconfig/httpcaddyfile/parser_test.go b/caddyconfig/httpcaddyfile/parser_test.go
index ae5751c..8a62356 100644
--- a/caddyconfig/httpcaddyfile/parser_test.go
+++ b/caddyconfig/httpcaddyfile/parser_test.go
@@ -45,6 +45,24 @@ func TestParse(t *testing.T) {
expectWarn: false,
expectError: true,
},
+ {
+ input: `
+ {
+ email test@anon.com
+ acme_ca https://ca.custom
+ acme_ca_root /root/certs/ca.crt
+ }
+
+ https://caddy {
+ tls {
+ ca https://ca.custom
+ ca_root /root/certs/ca.crt
+ }
+ }
+ `,
+ expectWarn: false,
+ expectError: false,
+ },
} {
adapter := caddyfile.Adapter{