diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 32f9da71..d52c5ef8 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -126,10 +126,10 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 // must load each cert only once; otherwise, they each get a
 // different tag... since a cert loaded twice has the same
 // bytes, it will overwrite the first one in the cache, and
- // only the last cert (and its tag) will survive, so a any conn
- // policy that is looking for any tag but the last one to be
- // loaded won't find it, and TLS handshakes will fail (see end)
- // of issue #3004)
+ // only the last cert (and its tag) will survive, so any conn
+ // policy that is looking for any tag other than the last one
+ // to be loaded won't find it, and TLS handshakes will fail
+ // (see end of issue #3004)
 //
 // tlsCertTags maps certificate filenames to their tag.
 // This is used to remember which tag is used for each
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 42880765..1ccaed24 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -451,6 +451,9 @@ func (st *ServerType) serversFromPairings(
 if autoHTTPS == "disable_redirects" {
 srv.AutoHTTPS.DisableRedir = true
 }
+ if autoHTTPS == "ignore_loaded_certs" {
+ srv.AutoHTTPS.IgnoreLoadedCerts = true
+ }
 }

 // sort server blocks by their keys; this is important because
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 799b0881..d95496c3 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
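Review bot: The new `ignore_loaded_certs` branch in serversFromPairings (httptype.go) is one more independent `if` on the same string, with no fallback for a value that matches none of the comparisons. The literals are repeated in parseOptAutoHTTPS in options.go, so a spelling that drifts between the two files would be accepted by the parser and then silently have no effect here; a `switch autoHTTPS` with one case per value and a `default` that reports the unknown value would make that visible. Because the option is carried as a single string, `ignore_loaded_certs` also cannot be combined with `disable_redirects`; if that is intended, a comment such as `// auto_https takes exactly one value; the modes cannot be combined` would record it. The enclosing block starts above the hunk and the function continues past it.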
@@ -379,8 +379,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
 if d.Next() {
 return "", d.ArgErr()
 }
- if val != "off" && val != "disable_redirects" {
- return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'")
+ if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" {
+ return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'")
 }
 return val, nil
 }
diff --git a/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt
new file mode 100644
index 00000000..1c654385
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt
@@ -0,0 +1,34 @@
+{
+ auto_https ignore_loaded_certs
+}
+
+localhost
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "localhost"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "ignore_loaded_certificates": true
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
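Review bot: parseOptAutoHTTPS gains a value that changes certificate handling, but nothing in the visible lines says what it does; the error string is the only description a reader gets. A doc comment on the function would help, along the lines of `// "ignore_loaded_certs" sets automatic_https.ignore_loaded_certificates, so automatic HTTPS no longer skips names that a loaded certificate already covers`. The second half of that wording is inferred from the field name and should be checked against the AutoHTTPSConfig documentation. Since the message contains no format verbs, `d.Err("auto_https must be one of ...")` would do in place of `d.Errf`. The function begins above the hunk.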
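Review bot: The new adapt fixture covers the option only on a bare `localhost` site with no manually loaded certificate, so it pins the JSON field name but not the case the option appears to exist for. A second fixture whose site also loads a certificate through the `tls` directive would show that `ignore_loaded_certificates` is still emitted next to the loaded certificate and its connection policy. Whether certificate management is then actually enabled for that name is a runtime property that an adapt test cannot check, so it would need an integration test of its own.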