diff options
author | Francis Lavoie <lavofr@gmail.com> | 2021-06-07 14:18:49 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-07 12:18:49 -0600 |
commit | 658772ff24b9e1eabf6f254d039d91e8abfcb775 (patch) | |
tree | fe33063ee596c339066c71ff02034f4f2834a259 /caddyconfig/httpcaddyfile | |
parent | 323ffd20764e0f31a26ac700952adbb937b9eb69 (diff) |
httpcaddyfile: Add `skip_install_trust` global option (#4153)
Fixes https://github.com/caddyserver/caddy/issues/4002
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 1 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/pkiapp.go | 20 |
2 files changed, 21 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 905ecae..fe8e319 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -39,6 +39,7 @@ func init() { RegisterGlobalOption("acme_dns", parseOptACMEDNS) RegisterGlobalOption("acme_eab", parseOptACMEEAB) RegisterGlobalOption("cert_issuer", parseOptCertIssuer) + RegisterGlobalOption("skip_install_trust", parseOptTrue) RegisterGlobalOption("email", parseOptSingleString) RegisterGlobalOption("admin", parseOptAdmin) RegisterGlobalOption("on_demand_tls", parseOptOnDemand) diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index 3abcc6b..a21951d 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -27,15 +27,35 @@ func (st ServerType) buildPKIApp( pkiApp := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} + skipInstallTrust := false + if _, ok := options["skip_install_trust"]; ok { + skipInstallTrust = true + } + falseBool := false + for _, p := range pairings { for _, sblock := range p.serverBlocks { // find all the CAs that were defined and add them to the app config + // i.e. from any "acme_server" directives for _, caCfgValue := range sblock.pile["pki.ca"] { ca := caCfgValue.Value.(*caddypki.CA) + if skipInstallTrust { + ca.InstallTrust = &falseBool + } pkiApp.CAs[ca.ID] = ca } } } + // if there was no CAs defined in any of the servers, + // and we were requested to not install trust, then + // add one for the default/local CA to do so + if len(pkiApp.CAs) == 0 && skipInstallTrust { + ca := new(caddypki.CA) + ca.ID = caddypki.DefaultCAID + ca.InstallTrust = &falseBool + pkiApp.CAs[ca.ID] = ca + } + return pkiApp, warnings, nil } |