From ef7f15f3a42474319e2db0dff6720d91c153f0bf Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 2 May 2021 14:11:27 -0400 Subject: httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077) --- caddyconfig/httpcaddyfile/builtins.go | 8 ++++---- caddyconfig/httpcaddyfile/httptype.go | 3 +++ caddyconfig/httpcaddyfile/options.go | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'caddyconfig/httpcaddyfile')
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 32f9da7..d52c5ef 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -126,10 +126,10 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 // must load each cert only once; otherwise, they each get a
 // different tag... since a cert loaded twice has the same
 // bytes, it will overwrite the first one in the cache, and
- // only the last cert (and its tag) will survive, so a any conn
- // policy that is looking for any tag but the last one to be
- // loaded won't find it, and TLS handshakes will fail (see end)
- // of issue #3004)
+ // only the last cert (and its tag) will survive, so any conn
+ // policy that is looking for any tag other than the last one
+ // to be loaded won't find it, and TLS handshakes will fail
+ // (see end of issue #3004)
 //
 // tlsCertTags maps certificate filenames to their tag.
 // This is used to remember which tag is used for each
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 4288076..1ccaed2 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -451,6 +451,9 @@ func (st *ServerType) serversFromPairings(
 if autoHTTPS == "disable_redirects" {
 srv.AutoHTTPS.DisableRedir = true
 }
+ if autoHTTPS == "ignore_loaded_certs" {
+ srv.AutoHTTPS.IgnoreLoadedCerts = true
+ }
 }

 // sort server blocks by their keys; this is important because
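Review bot: The added `ignore_loaded_certs` branch carries no comment on what the flag changes, even though it affects which hostnames get automatically managed certificates. A line such as `// manage certs automatically even for names already covered by a loaded certificate` above `srv.AutoHTTPS.IgnoreLoadedCerts = true` would help whoever audits the adapter (confirm the wording against the field's own doc). The literal is also duplicated in `parseOptAutoHTTPS` in options.go, so a value accepted there but not matched by one of these `if`s would be dropped silently; shared constants, or a `switch autoHTTPS` with a `default` case, would catch that drift. The enclosing block begins above the hunk, so how the other modes are handled is not visible here.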
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 799b088..d95496c 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -379,8 +379,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
 if d.Next() {
 return "", d.ArgErr()
 }
- if val != "off" && val != "disable_redirects" {
- return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'")
+ if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" {
+ return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'")
 }
 return val, nil
 }
-- cgit v1.2.3
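Review bot: `parseOptAutoHTTPS` still returns a single string, so after this change `disable_redirects` and `ignore_loaded_certs` are mutually exclusive; an operator who wants both cannot express it, and the `d.Next()`/`d.ArgErr()` check in the context lines appears to reject anything extra. If that is intended, say so next to the validation, e.g. `// exactly one mode is accepted; modes cannot be combined`. The error could also echo the rejected input to ease debugging: `return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs', got %q", val)`. How `val` is read lies above the hunk, and the signature in the hunk header is truncated.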