diff options
author | Klooven <Klooven@users.noreply.github.com> | 2021-06-08 23:10:37 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-08 14:10:37 -0600 |
commit | 1e92258dd670dc62a55b100d1e68e7f482da14a1 (patch) | |
tree | b9e506ef6d60cadcd4534e0b3f0570a96de35e1b /caddyconfig | |
parent | 76913b19ff053bc5b0848ce4d0bbf73698f30d93 (diff) |
httpcaddyfile: Add `preferred_chains` global option and issuer subdirective (#4192)
* Added preferred_chains option to Caddyfile
* Caddyfile adapt tests for preferred_chains
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 6 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 7 |
2 files changed, 12 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index fe8e319..f693110 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -49,6 +49,7 @@ func init() { RegisterGlobalOption("servers", parseServerOptions) RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions) RegisterGlobalOption("log", parseLogOptions) + RegisterGlobalOption("preferred_chains", parseOptPreferredChains) } func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } @@ -452,3 +453,8 @@ func parseLogOptions(d *caddyfile.Dispenser, existingVal interface{}) (interface return configValues, nil } + +func parseOptPreferredChains(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { + d.Next() + return caddytls.ParseCaddyfilePreferredChainsOptions(d) +} diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 2510a9b..b7a8f02 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -321,7 +321,8 @@ func (st ServerType) buildTLSApp( globalACMECARoot := options["acme_ca_root"] globalACMEDNS := options["acme_dns"] globalACMEEAB := options["acme_eab"] - hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil + globalPreferredChains := options["preferred_chains"] + hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil || globalPreferredChains != nil if hasGlobalACMEDefaults { for _, ap := range tlsApp.Automation.Policies { if len(ap.Issuers) == 0 { @@ -405,6 +406,7 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf globalACMECARoot := options["acme_ca_root"] globalACMEDNS := options["acme_dns"] globalACMEEAB := options["acme_eab"] + globalPreferredChains := options["preferred_chains"] if globalEmail != nil && acmeIssuer.Email == "" { acmeIssuer.Email = globalEmail.(string) @@ -425,6 +427,9 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf if globalACMEEAB != nil && acmeIssuer.ExternalAccount == nil { acmeIssuer.ExternalAccount = globalACMEEAB.(*acme.EAB) } + if globalPreferredChains != nil && acmeIssuer.PreferredChains == nil { + acmeIssuer.PreferredChains = globalPreferredChains.(*caddytls.ChainPreference) + } return nil } |