diff options
Diffstat (limited to 'modules/caddytls/tls.go')
-rw-r--r-- | modules/caddytls/tls.go | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 54f0e23..1255d3d 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -93,10 +93,17 @@ func (t *TLS) Provision(ctx caddy.Context) error { if t.Automation == nil { t.Automation = new(AutomationConfig) } - t.Automation.defaultAutomationPolicy = new(AutomationPolicy) - err := t.Automation.defaultAutomationPolicy.Provision(t) + t.Automation.defaultPublicAutomationPolicy = new(AutomationPolicy) + err := t.Automation.defaultPublicAutomationPolicy.Provision(t) if err != nil { - return fmt.Errorf("provisioning default automation policy: %v", err) + return fmt.Errorf("provisioning default public automation policy: %v", err) + } + t.Automation.defaultInternalAutomationPolicy = &AutomationPolicy{ + IssuerRaw: json.RawMessage(`{"module":"internal"}`), + } + err = t.Automation.defaultInternalAutomationPolicy.Provision(t) + if err != nil { + return fmt.Errorf("provisioning default internal automation policy: %v", err) } for i, ap := range t.Automation.Policies { err := ap.Provision(t) @@ -318,6 +325,10 @@ func (t *TLS) getConfigForName(name string) *certmagic.Config { return ap.magic } +// getAutomationPolicyForName returns the first matching automation policy +// for the given subject name. If no matching policy can be found, the +// default policy is used, depending on whether the name qualifies for a +// public certificate or not. func (t *TLS) getAutomationPolicyForName(name string) *AutomationPolicy { for _, ap := range t.Automation.Policies { if len(ap.Subjects) == 0 { @@ -329,7 +340,10 @@ func (t *TLS) getAutomationPolicyForName(name string) *AutomationPolicy { } } } - return t.Automation.defaultAutomationPolicy + if certmagic.SubjectQualifiesForPublicCert(name) { + return t.Automation.defaultPublicAutomationPolicy + } + return t.Automation.defaultInternalAutomationPolicy } // AllMatchingCertificates returns the list of all certificates in |