From 8b6fdc04da5b31d8cb62b9d2574d16afe81ad549 Mon Sep 17 00:00:00 2001 From: Jordi Masip Date: Wed, 6 Jan 2021 20:02:58 +0100 Subject: [PATCH] caddytls: add 'key_type' subdirective (#3956) * caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test --- caddyconfig/httpcaddyfile/builtins.go | 15 +++++++++++++++ caddyconfig/httpcaddyfile/tlsapp.go | 4 ++++ .../caddyfile_adapt/tls_automation_policies_2.txt | 2 ++ 3 files changed, 21 insertions(+) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 7d16da15..08dfa886 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -87,6 +87,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { var folderLoader caddytls.FolderLoader var certSelector caddytls.CustomCertSelectionPolicy var acmeIssuer *caddytls.ACMEIssuer + var keyType string var internalIssuer *caddytls.InternalIssuer var issuers []certmagic.Issuer var onDemand bool @@ -267,6 +268,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.CA = arg[0] + case "key_type": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + keyType = arg[0] + case "eab": arg := h.RemainingArgs() if len(arg) != 2 { @@ -384,6 +392,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) { }) } + if keyType != "" { + configVals = append(configVals, ConfigValue{ + Class: "tls.key_type", + Value: keyType, + }) + } + // on-demand TLS if onDemand { configVals = append(configVals, ConfigValue{ diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 440c447d..a66146da 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -108,6 +108,10 @@ func (st ServerType) buildTLSApp( ap.OnDemand = true } + if keyTypeVals, ok := sblock.pile["tls.key_type"]; ok { + ap.KeyType = keyTypeVals[0].Value.(string) + } + // certificate issuers if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok { var issuers []certmagic.Issuer diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt index db8e38bd..9be0a19a 100644 --- a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt @@ -7,6 +7,7 @@ example.com { tls { on_demand + key_type rsa2048 } } @@ -79,6 +80,7 @@ http://example.net { "module": "zerossl" } ], + "key_type": "rsa2048", "on_demand": true }, {