summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest67
-rw-r--r--modules/caddypki/acmeserver/caddyfile.go6
2 files changed, 73 insertions, 0 deletions
diff --git a/caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest b/caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest
new file mode 100644
index 000000000..9880f2821
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest
@@ -0,0 +1,67 @@
+{
+ pki {
+ ca internal {
+ name "Internal"
+ root_cn "Internal Root Cert"
+ intermediate_cn "Internal Intermediate Cert"
+ }
+ }
+}
+
+acme.example.com {
+ acme_server {
+ ca internal
+ sign_with_root
+ }
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "acme.example.com"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "ca": "internal",
+ "handler": "acme_server",
+ "sign_with_root": true
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "pki": {
+ "certificate_authorities": {
+ "internal": {
+ "name": "Internal",
+ "root_common_name": "Internal Root Cert",
+ "intermediate_common_name": "Internal Intermediate Cert"
+ }
+ }
+ }
+ }
+}
diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go
index 7eaaec49a..c4d111128 100644
--- a/modules/caddypki/acmeserver/caddyfile.go
+++ b/modules/caddypki/acmeserver/caddyfile.go
@@ -42,6 +42,7 @@ func init() {
// domains <domains...>
// ip_ranges <addresses...>
// }
+// sign_with_root
// }
func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
h.Next() // consume directive name
@@ -136,6 +137,11 @@ func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error
acmeServer.Policy = &Policy{}
}
acmeServer.Policy.Deny = r
+ case "sign_with_root":
+ if h.NextArg() {
+ return nil, h.ArgErr()
+ }
+ acmeServer.SignWithRoot = true
default:
return nil, h.Errf("unrecognized ACME server directive: %s", h.Val())
}