From c5197f59991df7fbe6b921a2a84483d108525d03 Mon Sep 17 00:00:00 2001
From: Ian
Date: Mon, 23 Nov 2020 12:58:26 -0800
Subject: acme_server: fix reload of acme database (#3874)
* acme_server: Refactor database creation apart from authority creation This is a WIP commit that doesn't really offer anything other than setting us up for using a UsagePool to gracefully reload acme_server configs.
* Implement UsagePool
* Remove unused context
* Fix initializing non-ACME CA This will handle cases where a DB is not provided
* Sanitize acme db path and clean debug logs
* Move regex to package level to prevent recompiling
---
 modules/caddypki/ca.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'modules/caddypki/ca.go')
diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go
index f95c9a0..5e76676 100644
--- a/modules/caddypki/ca.go
+++ b/modules/caddypki/ca.go
@@ -195,14 +195,18 @@ func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority
 issuerKey = ca.IntermediateKey()
 }
 
- auth, err := authority.NewEmbedded(
+ opts := []authority.Option{
 authority.WithConfig(&authority.Config{
 AuthorityConfig: authorityConfig.AuthConfig,
- DB: authorityConfig.DB,
 }),
 authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)),
 authority.WithX509RootCerts(rootCert),
- )
+ }
+ // Add a database if we have one
+ if authorityConfig.DB != nil {
+ opts = append(opts, authority.WithDatabase(*authorityConfig.DB))
+ }
+ auth, err := authority.NewEmbedded(opts...)
 if err != nil {
 return nil, fmt.Errorf("initializing certificate authority: %v", err)
 }
@@ -382,7 +386,7 @@ type AuthorityConfig struct {
 SignWithRoot bool
 
 // TODO: should we just embed the underlying authority.Config struct type?
- DB *db.Config
+ DB *db.AuthDB
 AuthConfig *authority.AuthConfig
 }
 
-- 
cgit v1.2.3
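Review bot: The new guard `if authorityConfig.DB != nil` in NewAuthority checks only the pointer, while the value handed to `authority.WithDatabase` is the dereferenced `*authorityConfig.DB`. If `db.AuthDB` is an interface type, as the dereference suggests, a non-nil pointer to a nil interface passes the check and the CA is built around a nil database, which would only show up later when the authority first touches its store. Checking both levels closes that gap: `if authorityConfig.DB != nil && *authorityConfig.DB != nil {`. The comment could also record the intent given in the commit message, e.g. `// Non-ACME CAs pass no DB; the authority is then built without a database.` NewAuthority begins and ends outside this hunk.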
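Review bot: The `DB` field of AuthorityConfig changes from a configuration value to what looks like an already-opened database handle, yet the field has no comment saying who owns that handle or that nil is a valid value. Since the commit message indicates the database is now shared across reloads through a UsagePool, a reader of this struct cannot tell whether NewAuthority or the caller is expected to close it. I would add a field comment such as `// DB is an opened database owned by the caller (nil for CAs that need none); NewAuthority does not close it.`, with the ownership wording confirmed against the acme_server side of this change. The TODO above the field may also need revisiting, since the `authority.Config` built in NewAuthority no longer carries the DB. The struct declaration begins outside this hunk.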