caddytls: add 'key_type' subdirective (#3956)

* caddytls: add 'key_type' subdirective

* Suggested change

* *string -> string

* test
Jordi Masip 2021-01-06 20:02:58 +01:00 committed by GitHub
parent f0216967dc
commit 8b6fdc04da
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 0 deletions


@ -87,6 +87,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
var folderLoader caddytls.FolderLoader
var certSelector caddytls.CustomCertSelectionPolicy
var acmeIssuer *caddytls.ACMEIssuer
var keyType string
var internalIssuer *caddytls.InternalIssuer
var issuers []certmagic.Issuer
var onDemand bool
@ -267,6 +268,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
}
acmeIssuer.CA = arg[0]
case "key_type":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
keyType = arg[0]
case "eab":
arg := h.RemainingArgs()
if len(arg) != 2 {
@ -384,6 +392,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
})
}
if keyType != "" {
configVals = append(configVals, ConfigValue{
Class: "tls.key_type",
Value: keyType,
})
}
// on-demand TLS
if onDemand {
configVals = append(configVals, ConfigValue{
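Review bot: The `key_type` case stores `arg[0]` without checking it against the key types the TLS app supports, so a misspelled or unsupported value passes Caddyfile adaptation and can only be caught later, if the automation policy validates it when provisioned (that code is not visible here). Because this value selects the certificate key algorithm and size, rejecting unknown values at parse time would give the operator an error that points at the Caddyfile line, for example `return nil, h.Errf("unrecognized key type: %s", arg[0])` guarded by a lookup in whatever supported-types table caddytls provides. A repeated `key_type` inside the same `tls` block also silently overwrites the earlier one, and an explicitly empty argument is dropped by the later `keyType != ""` check without any diagnostic. parseTLS starts and ends outside these hunks.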


@ -108,6 +108,10 @@ func (st ServerType) buildTLSApp(
ap.OnDemand = true
}
if keyTypeVals, ok := sblock.pile["tls.key_type"]; ok {
ap.KeyType = keyTypeVals[0].Value.(string)
}
// certificate issuers
if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok {
var issuers []certmagic.Issuer
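Review bot: `keyTypeVals[0].Value.(string)` is an unchecked type assertion that reads only the first pile entry, so a non-string value would panic during adaptation and any further `tls.key_type` entries for the same server block are ignored without a diagnostic. The value is presumably always a string because parseTLS sets it, but the comma-ok form keeps that assumption local: `kt, ok := keyTypeVals[0].Value.(string)`, with the `!ok` case handled explicitly. If entries with differing values can reach this point, reporting the conflict is safer than picking one, since the operator may believe a different key type is in effect than the one actually used. buildTLSApp starts and ends outside this hunk.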


@ -7,6 +7,7 @@
example.com {
tls {
on_demand
key_type rsa2048
}
}
@ -79,6 +80,7 @@ http://example.net {
"module": "zerossl"
}
],
"key_type": "rsa2048",
"on_demand": true
},
{