authorMatthew Holt <mholt@users.noreply.github.com>2020-11-12 15:02:35 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2020-11-12 15:03:07 -0700
commit95af4262a8adf12e0c5eb178d9e521903eb8b0e4 (patch)
treededf6b9b7fe6622f455002e88590a1e29346ad5b /modules/caddytls
parent3db60e6cbace3c03b7fe6cbaf8fd49fd42fde5b2 (diff)
caddytls: Support ACME alt cert chain preferences
Diffstat (limited to 'modules/caddytls')
-rw-r--r--modules/caddytls/acmeissuer.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index b73b34f..6466229 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -74,6 +74,11 @@ type ACMEIssuer struct {
// is internal or for development/testing purposes.
TrustedRootsPEMFiles []string `json:"trusted_roots_pem_files,omitempty"`
+ // List of preferred certificate chains, by issuer's CommonName. If empty,
+ // or if no matching chain is found, the first chain offered by the server
+ // will be used.
+ PreferredChains []string `json:"preferred_chains,omitempty"`
+
rootPool *x509.CertPool
template certmagic.ACMEManager
magic *certmagic.Config
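Review bot: The doc comment on `PreferredChains` underspecifies the matching rule for a setting that decides which trust path is served: it does not say whether the CommonName compared is the chain's root or any issuing certificate in it, whether the comparison is exact and case-sensitive, or whether list order is priority order. The fallback to the first offered chain is also silent as far as these lines show, so an operator who sets this to steer away from a particular root gets no signal when a typo or a CA-side rename makes nothing match; the second hunk hands `iss.PreferredChains` to certmagic unchanged, so any warning would have to come from there, which is not visible here. I would extend the comment with something like `// Entries are tried in order and compared as plain strings; this only selects among chains the CA offers and is not a trust check.` once those semantics are confirmed against certmagic. The struct continues outside the hunk.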
@@ -149,6 +154,7 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) {
CertObtainTimeout: time.Duration(iss.ACMETimeout),
TrustedRoots: iss.rootPool,
ExternalAccount: iss.ExternalAccount,
+ PreferredChains: iss.PreferredChains,
Logger: iss.logger,
}