authorRanveer Avhad <[email protected]>2024-05-28 05:36:54 +0530
committerGitHub <[email protected]>2024-05-27 20:06:54 -0400
commite6f46c8d78b77d0aefe50750dfd6f6a18ba138e5 (patch)
tree52595c03eeff48008d8f75edd8e26687c2a582b3
parentf6d2c293e752254769efe21c8d06a16ebad4845e (diff)
acmeserver: Add `sign_with_root` for Caddyfile (#6345)v2.8.0
* Added sign_with_root option available in the Caddyfile * Added tests for sign_with_root to validate the adapted JSON config
-rw-r--r--caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest67
-rw-r--r--modules/caddypki/acmeserver/caddyfile.go6
2 files changed, 73 insertions, 0 deletions
diff --git a/caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest b/caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest
new file mode 100644
index 000000000..9880f2821
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest
@@ -0,0 +1,67 @@
+{
+ pki {
+ ca internal {
+ name "Internal"
+ root_cn "Internal Root Cert"
+ intermediate_cn "Internal Intermediate Cert"
+ }
+ }
+}
+
+acme.example.com {
+ acme_server {
+ ca internal
+ sign_with_root
+ }
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "acme.example.com"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "ca": "internal",
+ "handler": "acme_server",
+ "sign_with_root": true
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "pki": {
+ "certificate_authorities": {
+ "internal": {
+ "name": "Internal",
+ "root_common_name": "Internal Root Cert",
+ "intermediate_common_name": "Internal Intermediate Cert"
+ }
+ }
+ }
+ }
+}
diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go
index 7eaaec49a..c4d111128 100644
--- a/modules/caddypki/acmeserver/caddyfile.go
+++ b/modules/caddypki/acmeserver/caddyfile.go
@@ -42,6 +42,7 @@ func init() {
// domains <domains...>
// ip_ranges <addresses...>
// }
+// sign_with_root
// }
func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
h.Next() // consume directive name
@@ -136,6 +137,11 @@ func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error
acmeServer.Policy = &Policy{}
}
acmeServer.Policy.Deny = r
+ case "sign_with_root":
+ if h.NextArg() {
+ return nil, h.ArgErr()
+ }
+ acmeServer.SignWithRoot = true
default:
return nil, h.Errf("unrecognized ACME server directive: %s", h.Val())
}
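Review bot: The new `case "sign_with_root":` branch sets `acmeServer.SignWithRoot = true` without any comment on what the flag changes about issuance, and neither does the one-word entry added to the syntax comment above parseACMEServer. Judging by the name, leaf certificates would then be signed by the CA's root key rather than the intermediate, which puts the root key on the online issuance path and removes the intermediate as a separately replaceable layer; operators should see that where the option is parsed. I would add something like `// sign_with_root takes no arguments; certificates are signed by the CA root instead of the intermediate, which weakens root-key isolation` above the case. The adapt fixture only covers the bare form, so a test that `sign_with_root <arg>` is rejected would pin the `h.ArgErr()` path. The body of parseACMEServer starts and ends outside this hunk, so how SignWithRoot is consumed is not visible here.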