diff options
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 31 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 9 |
2 files changed, 37 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index cecb3d4..2b6b111 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -31,8 +31,9 @@ func init() { RegisterGlobalOption("experimental_http3", parseOptTrue) RegisterGlobalOption("storage", parseOptStorage) RegisterGlobalOption("acme_ca", parseOptSingleString) - RegisterGlobalOption("acme_dns", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) + RegisterGlobalOption("acme_dns", parseOptSingleString) + RegisterGlobalOption("acme_eab", parseOptACMEEAB) RegisterGlobalOption("email", parseOptSingleString) RegisterGlobalOption("admin", parseOptAdmin) RegisterGlobalOption("on_demand_tls", parseOptOnDemand) @@ -180,6 +181,34 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { return storage, nil } +func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { + eab := new(caddytls.ExternalAccountBinding) + for d.Next() { + if d.NextArg() { + return nil, d.ArgErr() + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "key_id": + if !d.NextArg() { + return nil, d.ArgErr() + } + eab.KeyID = d.Val() + + case "hmac": + if !d.NextArg() { + return nil, d.ArgErr() + } + eab.HMAC = d.Val() + + default: + return nil, d.Errf("unrecognized parameter '%s'", d.Val()) + } + } + } + return eab, nil +} + func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { d.Next() // consume parameter name if !d.Next() { diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 90b4e71..8f64291 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -348,13 +348,15 @@ func (st ServerType) buildTLSApp( // true, a non-nil value will always be returned (unless there is an error). func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { acmeCA, hasACMECA := options["acme_ca"] - acmeDNS, hasACMEDNS := options["acme_dns"] acmeCARoot, hasACMECARoot := options["acme_ca_root"] + acmeDNS, hasACMEDNS := options["acme_dns"] + acmeEAB, hasACMEEAB := options["acme_eab"] + email, hasEmail := options["email"] localCerts, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] - hasGlobalAutomationOpts := hasACMECA || hasACMEDNS || hasACMECARoot || hasEmail || hasLocalCerts || hasKeyType + hasGlobalAutomationOpts := hasACMECA || hasACMECARoot || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts || hasKeyType // if there are no global options related to automation policies // set, then we can just return right away @@ -396,6 +398,9 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon if acmeCARoot != nil { mgr.TrustedRootsPEMFiles = []string{acmeCARoot.(string)} } + if acmeEAB != nil { + mgr.ExternalAccount = acmeEAB.(*caddytls.ExternalAccountBinding) + } if keyType != nil { ap.KeyType = keyType.(string) } |