authorMatthew Holt <mholt@users.noreply.github.com>2019-06-24 12:16:10 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2019-06-24 12:16:10 -0600
commit38677aaa58eb76a416fa42146956f3e3a5981e75 (patch)
treea782a862b7e552d1bdaeebf3514b75392a06f4b4 /modules/caddytls
parentd49f762f6d9cdc2e92e8de40f0b0e99a9d0c4fc9 (diff)
caddytls: Support tags for manually-loaded certificates
Diffstat (limited to 'modules/caddytls')
-rw-r--r--modules/caddytls/fileloader.go13
-rw-r--r--modules/caddytls/folderloader.go8
-rw-r--r--modules/caddytls/tls.go12
3 files changed, 22 insertions, 11 deletions
diff --git a/modules/caddytls/fileloader.go b/modules/caddytls/fileloader.go
index 63592f9..d8e2d21 100644
--- a/modules/caddytls/fileloader.go
+++ b/modules/caddytls/fileloader.go
@@ -21,14 +21,15 @@ type fileLoader []CertKeyFilePair
// CertKeyFilePair pairs certificate and key file names along with their
// encoding format so that they can be loaded from disk.
type CertKeyFilePair struct {
- Certificate string `json:"certificate"`
- Key string `json:"key"`
- Format string `json:"format,omitempty"` // "pem" is default
+ Certificate string `json:"certificate"`
+ Key string `json:"key"`
+ Format string `json:"format,omitempty"` // "pem" is default
+ Tags []string `json:"tags,omitempty"`
}
// LoadCertificates returns the certificates to be loaded by fl.
-func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
- var certs []tls.Certificate
+func (fl fileLoader) LoadCertificates() ([]Certificate, error) {
+ var certs []Certificate
for _, pair := range fl {
certData, err := ioutil.ReadFile(pair.Certificate)
if err != nil {
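Review bot: The new `Tags` field in `CertKeyFilePair` is the only field in the struct without a comment, and nothing here says what a tag means or which values are accepted. Elsewhere in this commit the tags are copied onto the loaded certificate and handed to `CacheUnmanagedTLSCertificate` unchanged, so a comment such as `// Tags are arbitrary labels attached to the loaded certificate and passed to the certificate cache as-is.` would record that. If empty or duplicate tags are meant to be rejected, that check is not visible in this hunk. `LoadCertificates` continues past the end of the hunk.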
@@ -52,7 +53,7 @@ func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
return nil, err
}
- certs = append(certs, cert)
+ certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags})
}
return certs, nil
}
diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go
index bcc22d8..c491708 100644
--- a/modules/caddytls/folderloader.go
+++ b/modules/caddytls/folderloader.go
@@ -29,8 +29,8 @@ type folderLoader []string
// listed in fl from all files ending with .pem. This method of loading
// certificates expects the certificate and key to be bundled into the
// same file.
-func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
- var certs []tls.Certificate
+func (fl folderLoader) LoadCertificates() ([]Certificate, error) {
+ var certs []Certificate
for _, dir := range fl {
err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error {
if err != nil {
@@ -48,7 +48,7 @@ func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
return err
}
- certs = append(certs, cert)
+ certs = append(certs, Certificate{Certificate: cert})
return nil
})
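Review bot: Certificates found by the folder loader are appended as `Certificate{Certificate: cert}` with no tags, and because `folderLoader` is a plain `[]string` its configuration has no place to supply any. The doc comment on `LoadCertificates` should say so, for example `// Certificates loaded from folders carry no tags.` If tags are later used to pick a certificate, folder-loaded ones could never match, and an operator should learn that from the documentation rather than from a failed handshake. The walk callback begins and ends outside this hunk.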
@@ -120,3 +120,5 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) {
return cert, nil
}
+
+var _ CertificateLoader = (folderLoader)(nil)
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 63bc21d..7f5b1e9 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -98,7 +98,7 @@ func (t *TLS) Start() error {
Storage: t.ctx.Storage(),
})
for _, cert := range certs {
- err := magic.CacheUnmanagedTLSCertificate(cert)
+ err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
if err != nil {
return fmt.Errorf("caching unmanaged certificate: %v", err)
}
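Review bot: The error returned from this loop, `caching unmanaged certificate: %v`, does not identify which certificate failed, which makes a bad entry hard to find once several loaders contribute certificates. Now that each entry carries its tags, they could be included: `return fmt.Errorf("caching unmanaged certificate (tags %q): %v", cert.Tags, err)`. Using `%q` keeps empty or unusual tag strings visible in the message. `Start` begins and ends outside this hunk.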
@@ -182,8 +182,16 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
}
// CertificateLoader is a type that can load certificates.
+// Certificates can optionally be associated with tags.
type CertificateLoader interface {
- LoadCertificates() ([]tls.Certificate, error)
+ LoadCertificates() ([]Certificate, error)
+}
+
+// Certificate is a TLS certificate, optionally
+// associated with arbitrary tags.
+type Certificate struct {
+ tls.Certificate
+ Tags []string
}
// AutomationConfig designates configuration for the
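Review bot: The doc comment on the new `Certificate` type does not mention that the embedded `tls.Certificate` carries the private key in its `PrivateKey` field. The type is exported and is now what every `CertificateLoader` returns, so I would add `// The embedded tls.Certificate includes the private key; do not log or serialize values of this type.` The embedded field is also named `Certificate`, so `cert.Certificate` now means the whole `tls.Certificate` and the DER chain becomes `cert.Certificate.Certificate`. A short remark on that in the comment would save readers a lookup.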