author | Francis Lavoie <lavofr@gmail.com> | 2021-05-02 14:11:27 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-02 12:11:27 -0600 |
commit | ef7f15f3a42474319e2db0dff6720d91c153f0bf (patch) | |
tree | 7d9bc3b6edd6f3954d120d088b2bd9ccd5b48f0d | |
parent | 6e0e3e1537c399faabd30cc08a9fe68a7be87639 (diff) |
httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 8 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 3 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 4 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt | 34 |
4 files changed, 43 insertions, 6 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 32f9da7..d52c5ef 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -126,10 +126,10 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 // must load each cert only once; otherwise, they each get a
 // different tag... since a cert loaded twice has the same
 // bytes, it will overwrite the first one in the cache, and
- // only the last cert (and its tag) will survive, so a any conn
- // policy that is looking for any tag but the last one to be
- // loaded won't find it, and TLS handshakes will fail (see end)
- // of issue #3004)
+ // only the last cert (and its tag) will survive, so any conn
+ // policy that is looking for any tag other than the last one
+ // to be loaded won't find it, and TLS handshakes will fail
+ // (see end of issue #3004)
 //
 // tlsCertTags maps certificate filenames to their tag.
 // This is used to remember which tag is used for each
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 4288076..1ccaed2 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -451,6 +451,9 @@ func (st *ServerType) serversFromPairings(
 if autoHTTPS == "disable_redirects" {
 srv.AutoHTTPS.DisableRedir = true
 }
+ if autoHTTPS == "ignore_loaded_certs" {
+ srv.AutoHTTPS.IgnoreLoadedCerts = true
+ }
 }
 // sort server blocks by their keys; this is important because
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 799b088..d95496c 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
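Review bot: The new `ignore_loaded_certs` branch in serversFromPairings (httptype.go) sets `srv.AutoHTTPS.IgnoreLoadedCerts` without a comment saying what the flag changes, and it affects certificate issuance. Judging by the field name and the `ignore_loaded_certificates` key in the adapt fixture, it presumably makes automatic HTTPS manage certificates even for hostnames that a manually loaded certificate already covers; a line such as `// manage certs automatically even for names covered by a loaded certificate` above the assignment would make that explicit for operators and reviewers. Because `autoHTTPS` is a single string tested by separate `if`s, this mode cannot be combined with `disable_redirects`; if that is intended it deserves a sentence here or in the option's documentation. The enclosing function starts and ends outside the hunk.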
@@ -379,8 +379,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
 if d.Next() {
 return "", d.ArgErr()
 }
- if val != "off" && val != "disable_redirects" {
- return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'")
+ if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" {
+ return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'")
 }
 return val, nil
 }
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt
new file mode 100644
index 0000000..1c65438
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt
@@ -0,0 +1,34 @@
+{
+ auto_https ignore_loaded_certs
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "ignore_loaded_certificates": true
+ }
+ }
+ }
+ }
+ }
+}
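Review bot: The accepted values in parseOptAutoHTTPS (options.go) are spelled as string literals here and again in the `autoHTTPS == "..."` comparisons in httptype.go, so the two lists can drift apart. As far as the visible comparisons show, a value added to this check without a matching branch there would be accepted and then have no effect; shared constants for the three modes would keep parser and consumer in step. The error would also be easier to act on if it echoed the rejected input, for example `return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs', got %q", val)`. The start of the function is outside the hunk.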
\ No newline at end of file |