From b81ae38686fb9fb133a0308294b3dd898b769dac Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 6 Feb 2020 12:55:26 -0700 Subject: caddyfile: tls: Tag manual certificates (#2588) This ensure that if there are multiple certs that match a particular ServerName or other parameter, then specifically the one the user provided in the Caddyfile will be used. --- caddyconfig/httpcaddyfile/builtins.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'caddyconfig') diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 3fc78a1..7c56b04 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -127,11 +127,21 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } mgr.Email = firstLine[0] case 2: + tag := fmt.Sprintf("cert%d", tagCounter) fileLoader = append(fileLoader, caddytls.CertKeyFilePair{ Certificate: firstLine[0], Key: firstLine[1], - // TODO: add tags, to ensure this certificate is always used for this server name + Tags: []string{tag}, }) + // tag this certificate so if multiple certs match, specifically + // this one that the user has provided will be used, see #2588: + // https://github.com/caddyserver/caddy/issues/2588 + tagCounter++ + certSelector := caddytls.CustomCertSelectionPolicy{Tag: tag} + if cp == nil { + cp = new(caddytls.ConnectionPolicy) + } + cp.CertSelection = caddyconfig.JSONModuleObject(certSelector, "policy", "custom", h.warnings) default: return nil, h.ArgErr() } @@ -382,3 +392,5 @@ func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) { return nil, nil } + +var tagCounter = 0 -- cgit v1.2.3