summaryrefslogtreecommitdiff
path: root/caddyconfig
diff options
context:
space:
mode:
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/options.go31
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go9
2 files changed, 37 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index cecb3d4..2b6b111 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -31,8 +31,9 @@ func init() {
RegisterGlobalOption("experimental_http3", parseOptTrue)
RegisterGlobalOption("storage", parseOptStorage)
RegisterGlobalOption("acme_ca", parseOptSingleString)
- RegisterGlobalOption("acme_dns", parseOptSingleString)
RegisterGlobalOption("acme_ca_root", parseOptSingleString)
+ RegisterGlobalOption("acme_dns", parseOptSingleString)
+ RegisterGlobalOption("acme_eab", parseOptACMEEAB)
RegisterGlobalOption("email", parseOptSingleString)
RegisterGlobalOption("admin", parseOptAdmin)
RegisterGlobalOption("on_demand_tls", parseOptOnDemand)
@@ -180,6 +181,34 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) {
return storage, nil
}
+func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) {
+ eab := new(caddytls.ExternalAccountBinding)
+ for d.Next() {
+ if d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ for nesting := d.Nesting(); d.NextBlock(nesting); {
+ switch d.Val() {
+ case "key_id":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ eab.KeyID = d.Val()
+
+ case "hmac":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ eab.HMAC = d.Val()
+
+ default:
+ return nil, d.Errf("unrecognized parameter '%s'", d.Val())
+ }
+ }
+ }
+ return eab, nil
+}
+
func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) {
d.Next() // consume parameter name
if !d.Next() {
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 90b4e71..8f64291 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -348,13 +348,15 @@ func (st ServerType) buildTLSApp(
// true, a non-nil value will always be returned (unless there is an error).
func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) {
acmeCA, hasACMECA := options["acme_ca"]
- acmeDNS, hasACMEDNS := options["acme_dns"]
acmeCARoot, hasACMECARoot := options["acme_ca_root"]
+ acmeDNS, hasACMEDNS := options["acme_dns"]
+ acmeEAB, hasACMEEAB := options["acme_eab"]
+
email, hasEmail := options["email"]
localCerts, hasLocalCerts := options["local_certs"]
keyType, hasKeyType := options["key_type"]
- hasGlobalAutomationOpts := hasACMECA || hasACMEDNS || hasACMECARoot || hasEmail || hasLocalCerts || hasKeyType
+ hasGlobalAutomationOpts := hasACMECA || hasACMECARoot || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts || hasKeyType
// if there are no global options related to automation policies
// set, then we can just return right away
@@ -396,6 +398,9 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon
if acmeCARoot != nil {
mgr.TrustedRootsPEMFiles = []string{acmeCARoot.(string)}
}
+ if acmeEAB != nil {
+ mgr.ExternalAccount = acmeEAB.(*caddytls.ExternalAccountBinding)
+ }
if keyType != nil {
ap.KeyType = keyType.(string)
}