authorMatthew Holt <mholt@users.noreply.github.com>2020-02-06 12:55:26 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2020-02-06 12:55:26 -0700
commitb81ae38686fb9fb133a0308294b3dd898b769dac (patch)
tree57f4c25a44688bcea0ce4f0eca9f65faac7491b3 /caddyconfig/httpcaddyfile
parent5c7ca7d96e2d4ee2d3044475ce03e46589445b51 (diff)
caddyfile: tls: Tag manual certificates (#2588)
This ensures that if there are multiple certs that match a particular ServerName or other parameter, then specifically the one the user provided in the Caddyfile will be used.
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go14
1 files changed, 13 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 3fc78a1..7c56b04 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -127,11 +127,21 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
}
mgr.Email = firstLine[0]
case 2:
+ tag := fmt.Sprintf("cert%d", tagCounter)
fileLoader = append(fileLoader, caddytls.CertKeyFilePair{
Certificate: firstLine[0],
Key: firstLine[1],
- // TODO: add tags, to ensure this certificate is always used for this server name
+ Tags: []string{tag},
})
+ // tag this certificate so if multiple certs match, specifically
+ // this one that the user has provided will be used, see #2588:
+ // https://github.com/caddyserver/caddy/issues/2588
+ tagCounter++
+ certSelector := caddytls.CustomCertSelectionPolicy{Tag: tag}
+ if cp == nil {
+ cp = new(caddytls.ConnectionPolicy)
+ }
+ cp.CertSelection = caddyconfig.JSONModuleObject(certSelector, "policy", "custom", h.warnings)
default:
return nil, h.ArgErr()
}
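Review bot: The tag is taken from `tagCounter`, a bare package-level variable (declared in the second hunk) that is read on the `tag :=` line and incremented after the append with no synchronization, so concurrent Caddyfile adaptations in one process would race on it, and the same Caddyfile yields a different tag (and therefore different JSON) on every adaptation. Deriving the tag from the input instead keeps it deterministic and removes the shared state, e.g. `sum := sha256.Sum256([]byte(firstLine[0] + "\n" + firstLine[1]))` followed by `tag := "cert" + hex.EncodeToString(sum[:8])` (needs `crypto/sha256` and `encoding/hex`); a counter kept on the per-parse state rather than the package would also work if Helper carries any. Whether the `cp` created in the `cp == nil` branch is later added to the returned values is not visible here, since parseTLS begins and ends outside the hunk.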
@@ -382,3 +392,5 @@ func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) {
return nil, nil
}
+
+var tagCounter = 0
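Review bot: The new package-level `tagCounter` has no doc comment and the `= 0` initializer is redundant in Go. `var tagCounter int` with a comment such as `// tagCounter numbers manually loaded certificates so each gets a distinct selection tag; it is shared by all parseTLS calls in the process.` would state why it exists and make its process-wide scope explicit to the next reader.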