authorRithvik Vibhu <[email protected]>2024-01-10 04:30:31 +0530
committerGitHub <[email protected]>2024-01-09 16:00:31 -0700
commited41c924cfdee562b36c86cced5571c2800348d8 (patch)
tree0028ecead0e356e7c6342aa31e4da8aa831b3558 /caddyconfig
parentd9ff7b18726e21327b21b5e30b0ebd90f9023b39 (diff)
tls: add reuse_private_keys (#6025)
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go16
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go6
2 files changed, 22 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 22b2f01fa..568028388 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -90,6 +90,7 @@ func parseBind(h Helper) ([]ConfigValue, error) {
// dns_ttl <duration>
// dns_challenge_override_domain <domain>
// on_demand
+// reuse_private_keys
// eab <key_id> <mac_key>
// issuer <module_name> [...]
// get_certificate <module_name> [...]
@@ -106,6 +107,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
var issuers []certmagic.Issuer
var certManagers []certmagic.Manager
var onDemand bool
+ var reusePrivateKeys bool
for h.Next() {
// file certificate loader
@@ -483,6 +485,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
}
onDemand = true
+ case "reuse_private_keys":
+ if h.NextArg() {
+ return nil, h.ArgErr()
+ }
+ reusePrivateKeys = true
+
case "insecure_secrets_log":
if !h.NextArg() {
return nil, h.ArgErr()
@@ -589,6 +597,14 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
})
}
+ // reuse private keys TLS
+ if reusePrivateKeys {
+ configVals = append(configVals, ConfigValue{
+ Class: "tls.reuse_private_keys",
+ Value: true,
+ })
+ }
+
// custom certificate selection
if len(certSelector.AnyTag) > 0 {
cp.CertSelection = &certSelector
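Review bot: The comment `// reuse private keys TLS` on the new block in the last hunk (and `// reuse private keys tls` in the tlsapp.go hunk) only restates the flag name, while the flag changes a security-relevant default and deserves a why-comment. If, as the name and the `ReusePrivateKeys` policy field suggest, the option makes renewals keep the existing key pair, the comment should name the trade-off, e.g. `// reuse_private_keys: renewals keep the current key pair, so a key compromised before renewal stays in service; the default (fresh key per renewal) is the safer choice.` The `Value: true` stored here is never read — tlsapp.go only checks for the pile key's presence — so a short note `// presence alone is checked by buildTLSApp` would keep the next maintainer from treating the value as meaningful. parseTLS begins and ends outside this hunk.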
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index cb947a6e4..1adb2b6e0 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -118,6 +118,11 @@ func (st ServerType) buildTLSApp(
ap.OnDemand = true
}
+ // reuse private keys tls
+ if _, ok := sblock.pile["tls.reuse_private_keys"]; ok {
+ ap.ReusePrivateKeys = true
+ }
+
if keyTypeVals, ok := sblock.pile["tls.key_type"]; ok {
ap.KeyType = keyTypeVals[0].Value.(string)
}
@@ -587,6 +592,7 @@ outer:
aps[i].MustStaple == aps[j].MustStaple &&
aps[i].KeyType == aps[j].KeyType &&
aps[i].OnDemand == aps[j].OnDemand &&
+ aps[i].ReusePrivateKeys == aps[j].ReusePrivateKeys &&
aps[i].RenewalWindowRatio == aps[j].RenewalWindowRatio {
if len(aps[i].SubjectsRaw) > 0 && len(aps[j].SubjectsRaw) == 0 {
// later policy (at j) has no subjects ("catch-all"), so we can