caddypki: Add SignWithRoot option for ACME server

See https://caddy.community/t/setting-up-a-caddy-pki-based-on-a-windows-
root-ca-was-getting-pki-config/11616/7

Also improved a godoc comment in the caddytls package.
This commit is contained in:
Matthew Holt 2021-02-26 19:27:58 -07:00
parent ce5a0934a8
commit ec309c6d52
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
2 changed files with 16 additions and 5 deletions


@ -66,6 +66,13 @@ type Handler struct {
// on this property long-term; check release notes.
PathPrefix string `json:"path_prefix,omitempty"`
// If true, the CA's root will be the issuer instead of
// the intermediate. This is NOT recommended and should
// only be used when devices/clients do not properly
// validate certificate chains. EXPERIMENTAL: Might be
// changed or removed in the future.
SignWithRoot bool `json:"sign_with_root,omitempty"`
acmeEndpoints http.Handler
logger *zap.Logger
}
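Review bot: The comment on `SignWithRoot` says the option is not recommended but not why, which is the part an operator deciding to enable it needs; as far as the hunk shows, making the root the issuer means the root key is used for every issuance rather than staying behind the intermediate. I would extend the comment with `// Signing with the root means the root key is used for every` / `// issuance and cannot stay offline; a compromise of this CA` / `// then affects the root itself rather than a replaceable intermediate.` Since Provision wires the flag into the authority in the second hunk (`SignWithRoot: ash.SignWithRoot`), it is also worth making the choice visible in logs there, e.g. `if ash.SignWithRoot { ash.logger.Warn("ACME server configured to sign with root CA; not recommended") }`, assuming ash.logger is already set at that point, which is outside the hunk. Both the Handler struct and Provision extend beyond the lines shown.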
@ -109,6 +116,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error {
}
authorityConfig := caddypki.AuthorityConfig{
SignWithRoot: ash.SignWithRoot,
AuthConfig: &authority.AuthConfig{
Provisioners: provisioner.List{
&provisioner.ACME{


@ -478,11 +478,14 @@ type Certificate struct {
Tags []string
}
// AutomateLoader is a no-op certificate loader module
// that is treated as a special case: it uses this app's
// automation features to load certificates for the
// list of hostnames, rather than loading certificates
// manually.
// AutomateLoader will automatically manage certificates for the names
// in the list, including obtaining and renewing certificates. Automated
// certificates are managed according to their matching automation policy,
// configured elsewhere in this app.
//
// This is a no-op certificate loader module that is treated as a special
// case: it uses this app's automation features to load certificates for the
// list of hostnames, rather than loading certificates manually.
type AutomateLoader []string
// CaddyModule returns the Caddy module information.