From c04d24cafa60e522842d5188587ab07af2082e9b Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Mon, 13 Dec 2021 14:25:35 -0500
Subject: pki: Avoid provisioning the `local` CA when not necessary (#4463)

* pki: Avoid provisioning the `local` CA when not necessary
* pki: Refactor CA loading to keep the logic in the PKI app
---
 modules/caddytls/internalissuer.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'modules/caddytls')
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 7a25f6d..d9b6117 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -19,7 +19,6 @@ import (
 "context"
 "crypto/x509"
 "encoding/pem"
- "fmt"
 "time"
 "github.com/caddyserver/caddy/v2"
@@ -68,18 +67,20 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo {
 func (iss *InternalIssuer) Provision(ctx caddy.Context) error {
 iss.logger = ctx.Logger(iss)
+ // set some defaults
+ if iss.CA == "" {
+ iss.CA = caddypki.DefaultCAID
+ }
+ // get a reference to the configured CA
 appModule, err := ctx.App("pki")
 if err != nil {
 return err
 }
 pkiApp := appModule.(*caddypki.PKI)
- if iss.CA == "" {
- iss.CA = caddypki.DefaultCAID
- }
- ca, ok := pkiApp.CAs[iss.CA]
- if !ok {
- return fmt.Errorf("no certificate authority configured with id: %s", iss.CA)
+ ca, err := pkiApp.GetCA(iss.CA, &ctx)
+ if err != nil {
+ return err
 }
 iss.ca = ca
-- 
cgit v1.2.3
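Review bot: The bare `return err` after `pkiApp.GetCA(iss.CA, &ctx)` in the second hunk loses the context that the removed `fmt.Errorf("no certificate authority configured with id: %s", iss.CA)` carried, so a mistyped `ca` id on an internal issuer may be reported without saying which issuer or id failed. GetCA is defined outside this diff, so whether its own error names the id cannot be confirmed from here. I would keep the `fmt` import and wrap the error, `return fmt.Errorf("internal issuer: getting CA %q: %w", iss.CA, err)`. Since the commit title implies the CA may now be provisioned on demand, a comment above the call such as `// GetCA may provision the CA on first use; an unknown ID must return an error, never create a new CA` would record the trust-relevant contract, assuming that is what GetCA guarantees. Provision's body continues past the end of this hunk.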