From 13781e67ab1b2553598d0dd1a7153ce3cdbd4879 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 16 Nov 2020 11:05:55 -0700 Subject: caddytls: Support multiple issuers (#3862) * caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod --- modules/caddytls/tls.go | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'modules/caddytls/tls.go') diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 12d25ad..146eed4 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -137,7 +137,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { continue } t.Automation.defaultInternalAutomationPolicy = &AutomationPolicy{ - IssuerRaw: json.RawMessage(`{"module":"internal"}`), + IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } err = t.Automation.defaultInternalAutomationPolicy.Provision(t) if err != nil { @@ -303,20 +303,22 @@ func (t *TLS) Manage(names []string) error { // HandleHTTPChallenge ensures that the HTTP challenge is handled for the // certificate named by r.Host, if it is an HTTP challenge request. It -// requires that the automation policy for r.Host has an issue of type -// *certmagic.ACMEManager. +// requires that the automation policy for r.Host has an issuer of type +// *certmagic.ACMEManager, or one that is ACME-enabled (GetACMEIssuer()). func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { if !certmagic.LooksLikeHTTPChallenge(r) { return false } + // try all the issuers until we find the one that initiated the challenge ap := t.getAutomationPolicyForName(r.Host) - if ap.magic.Issuer == nil { - return false - } type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer } - if am, ok := ap.magic.Issuer.(acmeCapable); ok { - iss := am.GetACMEIssuer() - return certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) + for _, iss := range ap.magic.Issuers { + if am, ok := iss.(acmeCapable); ok { + iss := am.GetACMEIssuer() + if certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) { + return true + } + } } return false } -- cgit v1.2.3