tls: Add acme_ca_root and tls/ca_root to caddyfile (#3040)

This commit is contained in:
Mark Sargent 2020-02-13 09:07:25 +13:00 committed by GitHub
parent 17d938fc54
commit eb80165583
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 1 deletions

View file

@ -116,6 +116,9 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
if acmeCA := h.Option("acme_ca"); acmeCA != nil {
mgr.CA = acmeCA.(string)
}
if caPemFile := h.Option("acme_ca_root"); caPemFile != nil {
mgr.TrustedRootsPEMFiles = append(mgr.TrustedRootsPEMFiles, caPemFile.(string))
}
for h.Next() {
// file certificate loader
@ -232,6 +235,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err)
}
mgr.Challenges.DNSRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, h.warnings)
case "ca_root":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
mgr.TrustedRootsPEMFiles = append(mgr.TrustedRootsPEMFiles, arg[0])
default:
return nil, h.Errf("unknown subdirective: %s", h.Val())

View file

@ -71,7 +71,7 @@ func (st ServerType) Setup(originalServerBlocks []caddyfile.ServerBlock,
val, err = parseOptExperimentalHTTP3(disp)
case "storage":
val, err = parseOptStorage(disp)
case "acme_ca", "acme_dns":
case "acme_ca", "acme_dns", "acme_ca_root":
val, err = parseOptACME(disp)
case "email":
val, err = parseOptEmail(disp)

View file

@ -45,6 +45,24 @@ func TestParse(t *testing.T) {
expectWarn: false,
expectError: true,
},
{
input: `
{
email test@anon.com
acme_ca https://ca.custom
acme_ca_root /root/certs/ca.crt
}
https://caddy {
tls {
ca https://ca.custom
ca_root /root/certs/ca.crt
}
}
`,
expectWarn: false,
expectError: false,
},
} {
adapter := caddyfile.Adapter{