author | Matthew Holt <mholt@users.noreply.github.com> | 2021-02-02 17:23:52 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2021-02-02 17:23:52 -0700 |
commit | bf50d7010a26468791f4397c0f0c4f9a8ed1d6a2 (patch) | |
tree | 6956ee718cea0976e2fe23e5867010655cb2df0f /modules/caddypki/pki.go | |
parent | 8ec90f1c402b5e1aa1eea59e45f700aeb45da6ba (diff) |
acmeserver: Support custom CAs from Caddyfile
The HTTP Caddyfile adapter can now configure the PKI app, and the acme_server directive can now be used to specify a custom CA used for issuing certificates. More customization options can follow later as needed.
Diffstat (limited to 'modules/caddypki/pki.go')
-rw-r--r-- | modules/caddypki/pki.go | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go
index 7737079..b6f08b1 100644
--- a/modules/caddypki/pki.go
+++ b/modules/caddypki/pki.go
@@ -49,10 +49,14 @@ func (p *PKI) Provision(ctx caddy.Context) error {
 p.ctx = ctx
 p.log = ctx.Logger(p)
- // if this app is initialized at all, ensure there's
- // at least a default CA that can be used
- if len(p.CAs) == 0 {
- p.CAs = map[string]*CA{DefaultCAID: new(CA)}
+ // if this app is initialized at all, ensure there's at
+ // least a default CA that can be used: the standard CA
+ // which is used implicitly for signing local-use certs
+ if p.CAs == nil {
+ p.CAs = make(map[string]*CA)
+ }
+ if _, ok := p.CAs[DefaultCAID]; !ok {
+ p.CAs[DefaultCAID] = new(CA)
 }
 for caID, ca := range p.CAs {
|
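Review bot: The presence check `if _, ok := p.CAs[DefaultCAID]; !ok` discards the map value, so a config that maps the default CA ID to null counts as present and leaves a nil `*CA` in the map for the `for caID, ca := range p.CAs` loop that follows. Testing the value as well closes that gap: `if ca, ok := p.CAs[DefaultCAID]; !ok || ca == nil {`. What the loop does with each entry is outside the hunk, so whether a nil entry panics there or is handled should be confirmed. Separately, the default CA is now created even when only custom CAs are configured (the old `len(p.CAs) == 0` test skipped it in that case); the comment could state this explicitly, since an operator who defines their own CA may not expect a second signing CA to exist. Provision's body continues outside the hunk.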