authorFrancis Lavoie <[email protected]>2022-01-18 14:19:50 -0500
committerGitHub <[email protected]>2022-01-18 12:19:50 -0700
commita79b4055e56dc4e2f2caaae9aea555d1be471948 (patch)
tree7eae1be2a7ec8d5d7f298c9e196c7fe85fa7c444
parent5a0715689444537cf2c41e3362468b97f31493b6 (diff)
downloadcaddy-a79b4055e56dc4e2f2caaae9aea555d1be471948.tar.gz
caddy-a79b4055e56dc4e2f2caaae9aea555d1be471948.zip
caddytls: Add internal Caddyfile `lifetime`, `sign_with_root` opts (#4513)
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_internal_options.txt54
-rw-r--r--modules/caddytls/internalissuer.go21
2 files changed, 74 insertions, 1 deletions
diff --git a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
new file mode 100644
index 000000000..7298a3707
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
@@ -0,0 +1,54 @@
+a.example.com {
+ tls {
+ issuer internal {
+ ca foo
+ lifetime 24h
+ sign_with_root
+ }
+ }
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "a.example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "a.example.com"
+ ],
+ "issuers": [
+ {
+ "ca": "foo",
+ "lifetime": 86400000000000,
+ "module": "internal",
+ "sign_with_root": true
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 5de3af56c..ba6055edd 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -149,7 +149,9 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
// UnmarshalCaddyfile deserializes Caddyfile tokens into iss.
//
// ... internal {
-// ca <name>
+// ca <name>
+// lifetime <duration>
+// sign_with_root
// }
//
func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
@@ -160,6 +162,23 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
if !d.AllArgs(&iss.CA) {
return d.ArgErr()
}
+
+ case "lifetime":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ dur, err := caddy.ParseDuration(d.Val())
+ if err != nil {
+ return err
+ }
+ iss.Lifetime = caddy.Duration(dur)
+
+ case "sign_with_root":
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ iss.SignWithRoot = true
+
}
}
}
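Review bot: The `lifetime` case stores whatever `caddy.ParseDuration` returns, so a zero or negative duration (assuming the parser accepts a sign, which is not visible here) would reach `iss.Lifetime` unchecked, and a stray extra token after the duration is silently ignored. Rejecting both at parse time keeps a typo from quietly changing how long internally issued certificates stay valid: `if dur <= 0 { return d.Errf("lifetime must be positive, got %s", d.Val()) }` followed by `if d.NextArg() { return d.ArgErr() }`, matching the arity check already done for `sign_with_root`. The bare `return err` also drops the Caddyfile position; `return d.Errf("parsing lifetime: %v", err)` would keep file and line in the message. Whether the lifetime is bounded against the issuing certificate's own validity cannot be seen from this hunk and is worth confirming elsewhere in the issuer. The body of UnmarshalCaddyfile starts and ends outside the hunk.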