From eb80165583776d878256359f1635ffa9a17f0171 Mon Sep 17 00:00:00 2001
From: Mark Sargent <99003+sarge@users.noreply.github.com>
Date: Thu, 13 Feb 2020 09:07:25 +1300
Subject: tls: Add acme_ca_root and tls/ca_root to caddyfile (#3040)

---
 caddyconfig/httpcaddyfile/builtins.go | 10 ++++++++++
 caddyconfig/httpcaddyfile/httptype.go | 2 +-
 caddyconfig/httpcaddyfile/parser_test.go | 18 ++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)

(limited to 'caddyconfig/httpcaddyfile')

diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 29ca0be..bac12da 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -116,6 +116,9 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 if acmeCA := h.Option("acme_ca"); acmeCA != nil {
 mgr.CA = acmeCA.(string)
 }
+ if caPemFile := h.Option("acme_ca_root"); caPemFile != nil {
+ mgr.TrustedRootsPEMFiles = append(mgr.TrustedRootsPEMFiles, caPemFile.(string))
+ }
 
 for h.Next() {
 // file certificate loader
@@ -232,6 +235,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err)
 }
 mgr.Challenges.DNSRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, h.warnings)
+
+ case "ca_root":
+ arg := h.RemainingArgs()
+ if len(arg) != 1 {
+ return nil, h.ArgErr()
+ }
+ mgr.TrustedRootsPEMFiles = append(mgr.TrustedRootsPEMFiles, arg[0])
 
 default:
 return nil, h.Errf("unknown subdirective: %s", h.Val())
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 268f66a..5745b66 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
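Review bot: The global `acme_ca_root` is appended to `mgr.TrustedRootsPEMFiles` unconditionally on the added `if`, so the extra root is handed to every automation manager built from this server block, including sites whose own `ca` subdirective points at a public CA rather than the private one the root was presumably added for; if TrustedRootsPEMFiles widens the roots trusted when connecting to the ACME endpoint (its consumer is outside this hunk), that extends trust further than the option name suggests. Worth stating that scope in a comment on the added line, e.g. `// acme_ca_root is global: every manager in this block trusts it, regardless of its own ca setting`, or only applying the global root when the site has not set its own `ca`. The unchecked `caPemFile.(string)` mirrors the `acmeCA.(string)` line above it and is only safe as long as parseOptACME, outside this hunk, always stores a string. parseTLS begins and ends outside the hunk.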
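Review bot: The `ca_root` path on the last added line is appended exactly as written, with no dedup and no check that the file exists or holds PEM, so a typo or a duplicate of the global `acme_ca_root` (the new test names the same file in both places) passes adaptation silently and only surfaces when the roots are loaded, which happens outside this hunk. A relative path here presumably resolves against the process working directory at load time rather than the Caddyfile's location, which is worth a comment on the case, e.g. `// ca_root <pem_file>: repeatable; the path is used as-is when roots are loaded, so prefer an absolute path`. If duplicates matter, skip the append when `arg[0]` is already present in `mgr.TrustedRootsPEMFiles`. The `for h.Next()` loop and its switch begin before the hunk and end after it.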
@@ -71,7 +71,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
 val, err = parseOptExperimentalHTTP3(disp)
 case "storage":
 val, err = parseOptStorage(disp)
- case "acme_ca", "acme_dns":
+ case "acme_ca", "acme_dns", "acme_ca_root":
 val, err = parseOptACME(disp)
 case "email":
 val, err = parseOptEmail(disp)
diff --git a/caddyconfig/httpcaddyfile/parser_test.go b/caddyconfig/httpcaddyfile/parser_test.go
index ae5751c..8a62356 100644
--- a/caddyconfig/httpcaddyfile/parser_test.go
+++ b/caddyconfig/httpcaddyfile/parser_test.go
@@ -45,6 +45,24 @@ func TestParse(t *testing.T) {
 expectWarn: false,
 expectError: true,
 },
+ {
+ input: `
+ {
+ email test@anon.com
+ acme_ca https://ca.custom
+ acme_ca_root /root/certs/ca.crt
+ }
+
+ https://caddy {
+ tls {
+ ca https://ca.custom
+ ca_root /root/certs/ca.crt
+ }
+ }
+ `,
+ expectWarn: false,
+ expectError: false,
+ },
 } {
 adapter := caddyfile.Adapter{
--
cgit v1.2.3
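Review bot: Routing `acme_ca_root` through `parseOptACME` on the changed line makes a filesystem path share a parser with the `acme_ca` URL and the `acme_dns` provider name; that is only right if parseOptACME, which is outside this hunk, does nothing URL-specific and returns its single argument as a string, because the consumer in builtins.go performs an unchecked `.(string)` assertion on the stored value. A short comment on the case would make the shared handling deliberate, e.g. `// each takes exactly one string argument; parseOptACME validates arity only`, adjusted to whatever parseOptACME actually does. Setup begins and ends outside the hunk.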
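Review bot: The added case asserts only that the Caddyfile adapts without error; it never checks that `/root/certs/ca.crt` reaches the emitted JSON, and it passes with a path that does not exist on the test host, which confirms the adapter does not touch the file. A negative case would pin the new arity check: a `tls` block containing a bare `ca_root` with no argument and `expectError: true`, and likewise `ca_root a b`. Asserting the output field name would require knowing certmagic's JSON tag for TrustedRootsPEMFiles, which is outside this diff. TestParse starts before the hunk and continues after it.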