diff options
| author | Matt Holt <mholt@users.noreply.github.com> | 2022-02-17 15:40:34 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-17 15:40:34 -0700 |
| commit | 57a708d189cfe4ccc20ae92df95dd35e52a434a8 (patch) | |
| tree | 6a8b2ded2d0d70cea75c7b1cc5bd536b7999e9d8 /modules/caddypki/certificates.go | |
| parent | 32aad909380f08a40389a33bfe788c8a35b1d850 (diff) | |
caddytls: Support external certificate Managers (like Tailscale) (#4541)
Huge thank-you to Tailscale (https://tailscale.com) for making this change possible!
This is a great feature for Caddy and Tailscale is a great fit for a standard implementation.
* caddytls: GetCertificate modules; Tailscale
* Caddyfile support for get_certificate
Also fix AP provisioning in case of empty subject list (persist loaded
module on struct, much like Issuers, to surive reprovisioning).
And implement start of HTTP cert getter, still WIP.
* Update modules/caddytls/automation.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Use tsclient package, check status for name
* Implement HTTP cert getter
And use reuse CertMagic's PEM functions for private keys.
* Remove cache option from Tailscale getter
Tailscale does its own caching and we don't need the added complexity...
for now, at least.
* Several updates
- Option to disable cert automation in auto HTTPS
- Support multiple cert managers
- Remove cache feature from cert manager modules
- Minor improvements to auto HTTPS logging
* Run go mod tidy
* Try to get certificates from Tailscale implicitly
Only for domains ending in .ts.net.
I think this is really cool!
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Diffstat (limited to 'modules/caddypki/certificates.go')
| -rw-r--r-- | modules/caddypki/certificates.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/caddypki/certificates.go b/modules/caddypki/certificates.go index a55c165..bd260da 100644 --- a/modules/caddypki/certificates.go +++ b/modules/caddypki/certificates.go @@ -15,6 +15,7 @@ package caddypki import ( + "crypto" "crypto/x509" "time" @@ -30,7 +31,7 @@ func generateRoot(commonName string) (rootCrt *x509.Certificate, privateKey inte return newCert(rootProfile) } -func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey interface{}) (cert *x509.Certificate, privateKey interface{}, err error) { +func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.PrivateKey) (cert *x509.Certificate, privateKey crypto.PrivateKey, err error) { interProfile, err := x509util.NewIntermediateProfile(commonName, rootCrt, rootKey) if err != nil { return @@ -39,7 +40,7 @@ func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey return newCert(interProfile) } -func newCert(profile x509util.Profile) (cert *x509.Certificate, privateKey interface{}, err error) { +func newCert(profile x509util.Profile) (cert *x509.Certificate, privateKey crypto.PrivateKey, err error) { certBytes, err := profile.CreateCertificate() if err != nil { return |