authorMatthew Holt <mholt@users.noreply.github.com>2020-03-15 09:24:24 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2020-03-15 09:24:24 -0600
commit115b877e1a83527e4b5e1bf33bb2d9b62f3f3059 (patch)
tree1af7aec30c7344ac580d032b0daf091eccdd124a /modules/caddytls/tls.go
parent2ce3deb540fe14ef0ef8cb733d592d2839a88624 (diff)
caddytls: Set Issuer properly on automation policies (fix #3150)
When using the default automation policy specifically, ap.Issuer would be nil, so we'd end up overwriting the ap.magic.Issuer's default value (after New()) with nil; this instead sets Issuer on the template before New() is called, and no overwriting is done.
Diffstat (limited to 'modules/caddytls/tls.go')
-rw-r--r--modules/caddytls/tls.go28
1 files changed, 15 insertions, 13 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 0b39c71..98e1164 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -479,6 +479,9 @@ type AutomationPolicy struct {
// TODO: is this really necessary per-policy? why not a global setting...
ManageSync bool `json:"manage_sync,omitempty"`
+ // Issuer stores the decoded issuer parameters. This is only
+ // used to populate an underlying certmagic.Config's Issuer
+ // field; it is not referenced thereafter.
Issuer certmagic.Issuer `json:"-"`
magic *certmagic.Config
@@ -527,6 +530,14 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
}
}
+ if ap.IssuerRaw != nil {
+ val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw")
+ if err != nil {
+ return fmt.Errorf("loading TLS automation management module: %s", err)
+ }
+ ap.Issuer = val.(certmagic.Issuer)
+ }
+
keySource := certmagic.StandardKeyGenerator{
KeyType: supportedCertKeyTypes[ap.KeyType],
}
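Review bot: The type assertion `ap.Issuer = val.(certmagic.Issuer)` is unchecked, so a module loaded under IssuerRaw that does not satisfy certmagic.Issuer would panic inside provisioning instead of surfacing as a configuration error; whether LoadModule already guarantees the interface for this namespace is not visible in the hunk, so a comma-ok form is cheap insurance: `iss, ok := val.(certmagic.Issuer)`, `if !ok { return fmt.Errorf("issuer module %T does not implement certmagic.Issuer", val) }`, `ap.Issuer = iss`. The error text "loading TLS automation management module" also describes the issuer module, and `%s` drops the error chain where `%w` would preserve it for callers using errors.Is/As. The enclosing provision method starts before this hunk.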
@@ -542,16 +553,12 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
KeySource: keySource,
OnDemand: ond,
Storage: storage,
+ Issuer: ap.Issuer, // if nil, certmagic.New() will set default in returned Config
}
- ap.magic = certmagic.New(tlsApp.certCache, template)
-
- if ap.IssuerRaw != nil {
- val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw")
- if err != nil {
- return fmt.Errorf("loading TLS automation management module: %s", err)
- }
- ap.Issuer = val.(certmagic.Issuer)
+ if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
+ template.Revoker = rev
}
+ ap.magic = certmagic.New(tlsApp.certCache, template)
// sometimes issuers may need the parent certmagic.Config in
// order to function properly (for example, ACMEIssuer needs
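Review bot: The Revoker is now derived from ap.Issuer before certmagic.New runs, so when Issuer is nil (the default-policy case this commit fixes) template.Revoker is left nil and the result depends on whether certmagic.New also fills a default Revoker alongside the default Issuer; that cannot be confirmed from this hunk, so it is worth verifying and recording next to the check, e.g. `// Revoker is only taken from an explicitly configured issuer; with a nil Issuer, certmagic.New must supply both defaults`. If certmagic.New does not default Revoker, revocation for default-policy certificates would be silently unavailable. The enclosing provision method continues outside this hunk.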
@@ -562,11 +569,6 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
configger.SetConfig(ap.magic)
}
- ap.magic.Issuer = ap.Issuer
- if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
- ap.magic.Revoker = rev
- }
-
return nil
}