authorFrancis Lavoie <lavofr@gmail.com>2021-05-02 14:11:27 -0400
committerGitHub <noreply@github.com>2021-05-02 12:11:27 -0600
commitef7f15f3a42474319e2db0dff6720d91c153f0bf (patch)
tree7d9bc3b6edd6f3954d120d088b2bd9ccd5b48f0d
parent6e0e3e1537c399faabd30cc08a9fe68a7be87639 (diff)
httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go8
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go3
-rw-r--r--caddyconfig/httpcaddyfile/options.go4
-rw-r--r--caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt34
4 files changed, 43 insertions, 6 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 32f9da7..d52c5ef 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -126,10 +126,10 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
// must load each cert only once; otherwise, they each get a
// different tag... since a cert loaded twice has the same
// bytes, it will overwrite the first one in the cache, and
- // only the last cert (and its tag) will survive, so a any conn
- // policy that is looking for any tag but the last one to be
- // loaded won't find it, and TLS handshakes will fail (see end)
- // of issue #3004)
+ // only the last cert (and its tag) will survive, so any conn
+ // policy that is looking for any tag other than the last one
+ // to be loaded won't find it, and TLS handshakes will fail
+ // (see end of issue #3004)
//
// tlsCertTags maps certificate filenames to their tag.
// This is used to remember which tag is used for each
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 4288076..1ccaed2 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -451,6 +451,9 @@ func (st *ServerType) serversFromPairings(
if autoHTTPS == "disable_redirects" {
srv.AutoHTTPS.DisableRedir = true
}
+ if autoHTTPS == "ignore_loaded_certs" {
+ srv.AutoHTTPS.IgnoreLoadedCerts = true
+ }
}
// sort server blocks by their keys; this is important because
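Review bot: The added `if autoHTTPS == "ignore_loaded_certs"` block repeats the shape of the `disable_redirects` comparison directly above it, so the same string is now tested by a run of independent `if` statements rather than one dispatch. A `switch autoHTTPS { case "disable_redirects": srv.AutoHTTPS.DisableRedir = true; case "ignore_loaded_certs": srv.AutoHTTPS.IgnoreLoadedCerts = true }` would make it explicit that exactly one of these values is in effect and keeps each mode from drifting into its own block. The enclosing serversFromPairings body begins before this hunk, so any other comparisons of autoHTTPS above it would belong in the same switch.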
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 799b088..d95496c 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -379,8 +379,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
if d.Next() {
return "", d.ArgErr()
}
- if val != "off" && val != "disable_redirects" {
- return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'")
+ if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" {
+ return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'")
}
return val, nil
}
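Review bot: The widened check only validates the single value it was given, and the `d.Next()` guard above it still rejects a second argument, so `disable_redirects` and `ignore_loaded_certs` cannot be combined; nothing in the hunk says so. A comment above the new condition, `// auto_https takes exactly one mode; disable_redirects and ignore_loaded_certs are mutually exclusive here`, would save operators from assuming both can be set in one global block. The new error string already lists the accepted modes, which is good; parseOptAutoHTTPS begins before this hunk, so the doc comment on the function is the other natural place for this.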
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt
new file mode 100644
index 0000000..1c65438
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt
@@ -0,0 +1,34 @@
+{
+ auto_https ignore_loaded_certs
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "ignore_loaded_certificates": true
+ }
+ }
+ }
+ }
+ }
+} \ No newline at end of file