authorMatthew Holt <mholt@users.noreply.github.com>2021-02-02 17:23:52 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2021-02-02 17:23:52 -0700
commitbf50d7010a26468791f4397c0f0c4f9a8ed1d6a2 (patch)
tree6956ee718cea0976e2fe23e5867010655cb2df0f /modules/caddypki/pki.go
parent8ec90f1c402b5e1aa1eea59e45f700aeb45da6ba (diff)
acmeserver: Support custom CAs from Caddyfile
The HTTP Caddyfile adapter can now configure the PKI app, and the acme_server directive can now be used to specify a custom CA used for issuing certificates. More customization options can follow later as needed.
Diffstat (limited to 'modules/caddypki/pki.go')
-rw-r--r--modules/caddypki/pki.go12
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go
index 7737079..b6f08b1 100644
--- a/modules/caddypki/pki.go
+++ b/modules/caddypki/pki.go
@@ -49,10 +49,14 @@ func (p *PKI) Provision(ctx caddy.Context) error {
p.ctx = ctx
p.log = ctx.Logger(p)
- // if this app is initialized at all, ensure there's
- // at least a default CA that can be used
- if len(p.CAs) == 0 {
- p.CAs = map[string]*CA{DefaultCAID: new(CA)}
+ // if this app is initialized at all, ensure there's at
+ // least a default CA that can be used: the standard CA
+ // which is used implicitly for signing local-use certs
+ if p.CAs == nil {
+ p.CAs = make(map[string]*CA)
+ }
+ if _, ok := p.CAs[DefaultCAID]; !ok {
+ p.CAs[DefaultCAID] = new(CA)
}
for caID, ca := range p.CAs {
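Review bot: The default-CA check `if _, ok := p.CAs[DefaultCAID]; !ok` only tests key presence, so a config that maps the default ID to a null value would leave a nil `*CA` in the map. `if p.CAs[DefaultCAID] == nil { p.CAs[DefaultCAID] = new(CA) }` covers both the missing and the nil case in a single lookup. Whether a nil entry is actually harmful depends on the body of the `for caID, ca := range p.CAs` loop, which continues outside this hunk. Separately, the default CA is now created even when only custom CAs are configured, so the comment should say outright that loading this app always provisions a default signing CA alongside any custom ones.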