author | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-06 12:55:26 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-06 12:55:26 -0700 |
commit | b81ae38686fb9fb133a0308294b3dd898b769dac (patch) | |
tree | 57f4c25a44688bcea0ce4f0eca9f65faac7491b3 /caddyconfig/httpcaddyfile | |
parent | 5c7ca7d96e2d4ee2d3044475ce03e46589445b51 (diff) |
caddyfile: tls: Tag manual certificates (#2588)
This ensures that if there are multiple certs that match a particular
ServerName or other parameter, then specifically the one the user
provided in the Caddyfile will be used.
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 3fc78a1..7c56b04 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -127,11 +127,21 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 		}
 		mgr.Email = firstLine[0]
 	case 2:
+		tag := fmt.Sprintf("cert%d", tagCounter)
 		fileLoader = append(fileLoader, caddytls.CertKeyFilePair{
 			Certificate: firstLine[0],
 			Key: firstLine[1],
-			// TODO: add tags, to ensure this certificate is always used for this server name
+			Tags: []string{tag},
 		})
+		// tag this certificate so if multiple certs match, specifically
+		// this one that the user has provided will be used, see #2588:
+		// https://github.com/caddyserver/caddy/issues/2588
+		tagCounter++
+		certSelector := caddytls.CustomCertSelectionPolicy{Tag: tag}
+		if cp == nil {
+			cp = new(caddytls.ConnectionPolicy)
+		}
+		cp.CertSelection = caddyconfig.JSONModuleObject(certSelector, "policy", "custom", h.warnings)
 	default:
 		return nil, h.ArgErr()
 	}
@@ -382,3 +392,5 @@ func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) {
 	return nil, nil
 }
+
+var tagCounter = 0 |
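Review bot: `tagCounter` is an unsynchronized package-level counter (`var tagCounter = 0` in the second hunk) that `parseTLS` reads in `tag := fmt.Sprintf("cert%d", tagCounter)` and then bumps with `tagCounter++`, so if two Caddyfile adaptations ever run concurrently in one process (plausible for the admin API, though not visible here) the read-then-increment can race and two certificate pairs could end up with the same tag, which would silently defeat the `CustomCertSelectionPolicy` this hunk installs. The global counter also makes the adapted JSON non-reproducible: the same Caddyfile yields `cert0` on the first adaptation and a higher number on the next, which hurts config diffing and review. A tag derived deterministically from the pair itself (for example a short hash of `firstLine[0]` and `firstLine[1]`, or a counter scoped to the adaptation rather than the package) would be both race-free and stable across runs; at minimum the increment should be atomic and the variable documented as process-global. Note also that `cp.CertSelection = ...` unconditionally overwrites any selection policy already present on `cp`, which is fine only if no earlier option in this directive sets one. The body of `parseTLS` begins and ends outside the hunk.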