caddypki: Add SignWithRoot option for ACME server

See https://caddy.community/t/setting-up-a-caddy-pki-based-on-a-windows- root-ca-was-getting-pki-config/11616/7 Also improved a godoc comment in the caddytls package.
author: Matthew Holt <mholt@users.noreply.github.com> 2021-02-26 19:27:58 -0700
committer: Matthew Holt <mholt@users.noreply.github.com> 2021-02-26 19:27:58 -0700
commit: ec309c6d52fdfce0431a1303a49f28c3f546176a (patch)
tree: cd393f46fe81728937c196a444a9483c73d44614 /modules/caddypki
parent: ce5a0934a89aabf1bc145ed0100df5f889b7dd74 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go
index d5e5559..f5c013b 100644
--- a/modules/caddypki/acmeserver/acmeserver.go
+++ b/modules/caddypki/acmeserver/acmeserver.go
@@ -66,6 +66,13 @@ type Handler struct {
 	// on this property long-term; check release notes.
 	PathPrefix string `json:"path_prefix,omitempty"`
 
+	// If true, the CA's root will be the issuer instead of
+	// the intermediate. This is NOT recommended and should
+	// only be used when devices/clients do not properly
+	// validate certificate chains. EXPERIMENTAL: Might be
+	// changed or removed in the future.
+	SignWithRoot bool `json:"sign_with_root,omitempty"`
+
 	acmeEndpoints http.Handler
 	logger        *zap.Logger
 }
@@ -109,6 +116,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error {
 	}
 
 	authorityConfig := caddypki.AuthorityConfig{
+		SignWithRoot: ash.SignWithRoot,
 		AuthConfig: &authority.AuthConfig{
 			Provisioners: provisioner.List{
 				&provisioner.ACME{
author	Matthew Holt <mholt@users.noreply.github.com>	2021-02-26 19:27:58 -0700
committer	Matthew Holt <mholt@users.noreply.github.com>	2021-02-26 19:27:58 -0700
commit	ec309c6d52fdfce0431a1303a49f28c3f546176a (patch)
tree	cd393f46fe81728937c196a444a9483c73d44614 /modules/caddypki
parent	ce5a0934a89aabf1bc145ed0100df5f889b7dd74 (diff)