| author | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-24 12:16:10 -0600 | 
|---|---|---|
| committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-24 12:16:10 -0600 | 
| commit | 38677aaa58eb76a416fa42146956f3e3a5981e75 (patch) | |
| tree | a782a862b7e552d1bdaeebf3514b75392a06f4b4 /modules | |
| parent | d49f762f6d9cdc2e92e8de40f0b0e99a9d0c4fc9 (diff) | |
caddytls: Support tags for manually-loaded certificates
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/caddyhttp/caddyhttp.go | 1 | ||||
| -rw-r--r-- | modules/caddytls/fileloader.go | 13 | ||||
| -rw-r--r-- | modules/caddytls/folderloader.go | 8 | ||||
| -rw-r--r-- | modules/caddytls/tls.go | 12 | 
4 files changed, 23 insertions, 11 deletions
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index 68568a9..036a3ab 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -243,6 +243,7 @@ func (app *App) automaticHTTPS() error {
 				})
 			// manage their certificates
+			log.Printf("[INFO] Enabling automatic HTTPS for %v", domains)
 			err := tlsApp.Manage(domains)
 			if err != nil {
 				return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)
diff --git a/modules/caddytls/fileloader.go b/modules/caddytls/fileloader.go
index 63592f9..d8e2d21 100644
--- a/modules/caddytls/fileloader.go
+++ b/modules/caddytls/fileloader.go
@@ -21,14 +21,15 @@ type fileLoader []CertKeyFilePair
 // CertKeyFilePair pairs certificate and key file names along with their
 // encoding format so that they can be loaded from disk.
 type CertKeyFilePair struct {
-	Certificate string `json:"certificate"`
-	Key         string `json:"key"`
-	Format      string `json:"format,omitempty"` // "pem" is default
+	Certificate string   `json:"certificate"`
+	Key         string   `json:"key"`
+	Format      string   `json:"format,omitempty"` // "pem" is default
+	Tags        []string `json:"tags,omitempty"`
 }
 // LoadCertificates returns the certificates to be loaded by fl.
-func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
-	var certs []tls.Certificate
+func (fl fileLoader) LoadCertificates() ([]Certificate, error) {
+	var certs []Certificate
 	for _, pair := range fl {
 		certData, err := ioutil.ReadFile(pair.Certificate)
 		if err != nil {
@@ -52,7 +53,7 @@ func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
 			return nil, err
 		}
-		certs = append(certs, cert)
+		certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags})
 	}
 	return certs, nil
 }
diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go
index bcc22d8..c491708 100644
--- a/modules/caddytls/folderloader.go
+++ b/modules/caddytls/folderloader.go
@@ -29,8 +29,8 @@ type folderLoader []string
 // listed in fl from all files ending with .pem. This method of loading
 // certificates expects the certificate and key to be bundled into the
 // same file.
-func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
-	var certs []tls.Certificate
+func (fl folderLoader) LoadCertificates() ([]Certificate, error) {
+	var certs []Certificate
 	for _, dir := range fl {
 		err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error {
 			if err != nil {
@@ -48,7 +48,7 @@ func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
 				return err
 			}
-			certs = append(certs, cert)
+			certs = append(certs, Certificate{Certificate: cert})
 			return nil
 		})
@@ -120,3 +120,5 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) {
 	return cert, nil
 }
+
+var _ CertificateLoader = (folderLoader)(nil)
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 63bc21d..7f5b1e9 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -98,7 +98,7 @@ func (t *TLS) Start() error {
 			Storage: t.ctx.Storage(),
 		})
 		for _, cert := range certs {
-			err := magic.CacheUnmanagedTLSCertificate(cert)
+			err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
 			if err != nil {
 				return fmt.Errorf("caching unmanaged certificate: %v", err)
 			}
@@ -182,8 +182,16 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
 }
 // CertificateLoader is a type that can load certificates.
+// Certificates can optionally be associated with tags.
 type CertificateLoader interface {
-	LoadCertificates() ([]tls.Certificate, error)
+	LoadCertificates() ([]Certificate, error)
+}
+
+// Certificate is a TLS certificate, optionally
+// associated with arbitrary tags.
+type Certificate struct {
+	tls.Certificate
+	Tags []string
 }
 // AutomationConfig designates configuration for the
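Review bot: `Tags` is the only field of `CertKeyFilePair` without a comment, and because it is decoded straight from operator-supplied JSON and, per the tls.go hunk in this same commit, handed to the certificate cache unchanged, the comment should say the strings are free-form and not validated by this loader: `// Tags optionally labels this certificate with free-form strings; they are not validated here and are passed to the certificate cache as-is.` The struct's doc sentence ("pairs certificate and key file names along with their encoding format") should mention tags too so the two descriptions do not drift.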
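Review bot: `Certificate{Certificate: cert, Tags: pair.Tags}` stores the config entry's slice by reference, so the cached certificate's tags alias the decoded configuration and any later mutation of that slice changes the cache entry silently. Copying at this boundary decouples the two: `Tags: append([]string(nil), pair.Tags...)`. Ranging by value copies the `CertKeyFilePair` struct but not the slice's backing array, so the alias exists regardless of how `pair` is produced; the start of the loop is above this hunk.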
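Review bot: Folder-loaded certificates are appended with no tags (`Certificate{Certificate: cert}` in the second hunk) and `folderLoader` is a bare `[]string` with nowhere to configure them, yet the doc comment touched by this hunk still only describes the .pem bundling convention. Add a sentence so operators do not expect to select these certificates by tag: `// Certificates loaded this way carry no tags; use the file loader when tags are needed.` The doc comment begins above the hunk.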
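Review bot: The new `var _ CertificateLoader = (folderLoader)(nil)` assertion has no counterpart for `fileLoader` in this commit, even though both loaders had their `LoadCertificates` signature changed to return `[]Certificate`. Unless one already exists outside the shown hunks, add `var _ CertificateLoader = (fileLoader)(nil)` to fileloader.go so a future signature drift in either loader fails at compile time rather than at the point the module is used.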
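Review bot: The `Certificate` doc says the tags are "arbitrary" but not what consumes them or what a nil value means; the only consumer visible in this commit is `magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)` in `Start`. Suggest `// Tags are free-form labels passed to the certificate cache together with the certificate; loaders with no tag configuration leave it nil.` Because `tls.Certificate` is embedded, its fields (including `PrivateKey`) are promoted onto this exported type, which is worth a short note for anyone who later logs or serializes a `Certificate` value.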
