From bf50d7010a26468791f4397c0f0c4f9a8ed1d6a2 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Tue, 2 Feb 2021 17:23:52 -0700
Subject: acmeserver: Support custom CAs from Caddyfile

The HTTP Caddyfile adapter can now configure the PKI app, and the acme_server directive can now be used to specify a custom CA used for issuing certificates. More customization options can follow later as needed.
---
 modules/caddypki/pki.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'modules/caddypki/pki.go')
diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go
index 7737079..b6f08b1 100644
--- a/modules/caddypki/pki.go
+++ b/modules/caddypki/pki.go
@@ -49,10 +49,14 @@ func (p *PKI) Provision(ctx caddy.Context) error {
 p.ctx = ctx
 p.log = ctx.Logger(p)
- // if this app is initialized at all, ensure there's
- // at least a default CA that can be used
- if len(p.CAs) == 0 {
- p.CAs = map[string]*CA{DefaultCAID: new(CA)}
+ // if this app is initialized at all, ensure there's at
+ // least a default CA that can be used: the standard CA
+ // which is used implicitly for signing local-use certs
+ if p.CAs == nil {
+ p.CAs = make(map[string]*CA)
+ }
+ if _, ok := p.CAs[DefaultCAID]; !ok {
+ p.CAs[DefaultCAID] = new(CA)
 }
 for caID, ca := range p.CAs {
--
cgit v1.2.3
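Review bot: The presence check `if _, ok := p.CAs[DefaultCAID]; !ok` discards the map value, so a configuration that lists the default CA ID with a null value leaves a nil `*CA` in the map, and it reaches the `for caID, ca := range p.CAs` loop unchanged. What the loop does with `ca` lies outside this hunk, but if it calls a method that dereferences the receiver, such a config would panic during provisioning; testing the value too, `if ca, ok := p.CAs[DefaultCAID]; !ok || ca == nil {`, closes that for the default CA. Separately, the default CA is now added even when only custom CAs are configured, a change from the old `len(p.CAs) == 0` test, and the comment could say so explicitly, e.g. `// the default CA is always present, even alongside custom CAs`, so operators know that an additional CA (and presumably its key material) may exist. Provision's body continues past the end of the hunk.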