authorFrancis Lavoie <lavofr@gmail.com>2021-06-07 14:18:49 -0400
committerGitHub <noreply@github.com>2021-06-07 12:18:49 -0600
commit658772ff24b9e1eabf6f254d039d91e8abfcb775 (patch)
treefe33063ee596c339066c71ff02034f4f2834a259 /caddyconfig/httpcaddyfile
parent323ffd20764e0f31a26ac700952adbb937b9eb69 (diff)
httpcaddyfile: Add `skip_install_trust` global option (#4153)
Fixes https://github.com/caddyserver/caddy/issues/4002
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r--caddyconfig/httpcaddyfile/options.go1
-rw-r--r--caddyconfig/httpcaddyfile/pkiapp.go20
2 files changed, 21 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 905ecae..fe8e319 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -39,6 +39,7 @@ func init() {
RegisterGlobalOption("acme_dns", parseOptACMEDNS)
RegisterGlobalOption("acme_eab", parseOptACMEEAB)
RegisterGlobalOption("cert_issuer", parseOptCertIssuer)
+ RegisterGlobalOption("skip_install_trust", parseOptTrue)
RegisterGlobalOption("email", parseOptSingleString)
RegisterGlobalOption("admin", parseOptAdmin)
RegisterGlobalOption("on_demand_tls", parseOptOnDemand)
diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go
index 3abcc6b..a21951d 100644
--- a/caddyconfig/httpcaddyfile/pkiapp.go
+++ b/caddyconfig/httpcaddyfile/pkiapp.go
@@ -27,15 +27,35 @@ func (st ServerType) buildPKIApp(
pkiApp := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)}
+ skipInstallTrust := false
+ if _, ok := options["skip_install_trust"]; ok {
+ skipInstallTrust = true
+ }
+ falseBool := false
+
for _, p := range pairings {
for _, sblock := range p.serverBlocks {
// find all the CAs that were defined and add them to the app config
+ // i.e. from any "acme_server" directives
for _, caCfgValue := range sblock.pile["pki.ca"] {
ca := caCfgValue.Value.(*caddypki.CA)
+ if skipInstallTrust {
+ ca.InstallTrust = &falseBool
+ }
pkiApp.CAs[ca.ID] = ca
}
}
}
+ // if there was no CAs defined in any of the servers,
+ // and we were requested to not install trust, then
+ // add one for the default/local CA to do so
+ if len(pkiApp.CAs) == 0 && skipInstallTrust {
+ ca := new(caddypki.CA)
+ ca.ID = caddypki.DefaultCAID
+ ca.InstallTrust = &falseBool
+ pkiApp.CAs[ca.ID] = ca
+ }
+
return pkiApp, warnings, nil
}
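Review bot: The fallback `if len(pkiApp.CAs) == 0 && skipInstallTrust` adds the default CA entry only when no CA at all was collected, so a config that defines a custom CA through `acme_server` while other sites rely on the default local CA leaves the default CA without `InstallTrust` set to false. If the PKI app provisions the default CA implicitly (not visible in this hunk), its root would still be installed into the system trust store despite `skip_install_trust`, which an operator who set the option to keep the trust store untouched would not expect. Keying the check on the default ID closes that gap: `if _, ok := pkiApp.CAs[caddypki.DefaultCAID]; !ok && skipInstallTrust {`. Separately, every CA receives the same `&falseBool` pointer, so a later write through any one `ca.InstallTrust` would change all of them; a per-CA bool avoids that aliasing. The start of buildPKIApp lies outside the hunk.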