authorAziz Rmadi <[email protected]>2024-04-12 08:19:14 -0500
committerGitHub <[email protected]>2024-04-12 07:19:14 -0600
commit0b381eb766dfad11f374342c34fe3606b9005562 (patch)
tree97dd613ee069c298805ce9a655d19bbd2bd138db /modules/caddyhttp/reverseproxy/caddyfile.go
parent83ef61de106b7574d5dea8ffeb879f384df4ebdf (diff)
reverseproxy: Implement modular CA provider for TLS transport (#6065)
* added new modular ca providers to caddy tls HttpTransport * reverse-proxy, httptransport: added tests and caddyfile support for ca module --------- Co-authored-by: Mohammed Al Sahaf <[email protected]>
Diffstat (limited to 'modules/caddyhttp/reverseproxy/caddyfile.go')
-rw-r--r--modules/caddyhttp/reverseproxy/caddyfile.go29
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index 9e0726be6..8dfbd93da 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -30,6 +30,7 @@ import (
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
"github.com/caddyserver/caddy/v2/modules/caddyhttp/headers"
"github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite"
+ "github.com/caddyserver/caddy/v2/modules/caddytls"
)
func init() {
@@ -1145,6 +1146,9 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
if h.TLS == nil {
h.TLS = new(TLSConfig)
}
+ if len(h.TLS.CARaw) != 0 {
+ return d.Err("cannot specify both 'tls_trust_pool' and 'tls_trusted_ca_certs")
+ }
h.TLS.RootCAPEMFiles = args
case "tls_server_name":
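Review bot: The new error string on the `tls_trusted_ca_certs` branch is missing its closing single quote (`'tls_trusted_ca_certs` instead of `'tls_trusted_ca_certs'`), so the message an operator sees is visibly truncated and does not match the sibling message emitted from the `tls_trust_pool` branch; it should read `return d.Err("cannot specify both 'tls_trust_pool' and 'tls_trusted_ca_certs'")`. While here, the two branches test the conflicting field differently (`len(h.TLS.CARaw) != 0` here, a `!= nil` check on `RootCAPEMFiles`'s counterpart elsewhere); picking one form for both keeps the mutual-exclusion logic easy to audit. The enclosing `UnmarshalCaddyfile` method starts and ends outside this hunk.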
@@ -1260,6 +1264,31 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
}
h.MaxConnsPerHost = num
+ case "tls_trust_pool":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ modStem := d.Val()
+ modID := "tls.ca_pool.source." + modStem
+ unm, err := caddyfile.UnmarshalModule(d, modID)
+ if err != nil {
+ return err
+ }
+ ca, ok := unm.(caddytls.CA)
+ if !ok {
+ return d.Errf("module %s is not a caddytls.CA", modID)
+ }
+ if h.TLS == nil {
+ h.TLS = new(TLSConfig)
+ }
+ if len(h.TLS.RootCAPEMFiles) != 0 {
+ return d.Err("cannot specify both 'tls_trust_pool' and 'tls_trusted_ca_certs'")
+ }
+ if h.TLS.CARaw != nil {
+ return d.Err("cannot specify \"tls_trust_pool\" twice in caddyfile")
+ }
+ h.TLS.CARaw = caddyconfig.JSONModuleObject(ca, "provider", modStem, nil)
+
default:
return d.Errf("unrecognized subdirective %s", d.Val())
}
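Review bot: The duplicate-directive message uses escaped double quotes (`\"tls_trust_pool\"`) while the two neighbouring messages quote directive names with single quotes; for consistency with the rest of the parser this line should be `return d.Err("cannot specify 'tls_trust_pool' twice in caddyfile")`. The `RootCAPEMFiles` and `CARaw` conflict checks run only after `caddyfile.UnmarshalModule` has parsed the whole provider block, so a misconfiguration is reported after the module's own errors rather than before; moving the two `h.TLS` guards above the `UnmarshalModule` call would surface the mutual-exclusion error first. A one-line comment at the `case "tls_trust_pool":` label stating whether the configured pool replaces or augments the system roots would help operators reason about the trust boundary — presumably it replaces them, as `tls_trusted_ca_certs` does, but that is not visible from this hunk and should be confirmed against `TLSConfig.MakeTLSClientConfig`. The enclosing `UnmarshalCaddyfile` method starts outside this hunk.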