diff options
Diffstat (limited to 'caddyconfig')
| -rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 25 | ||||
| -rw-r--r-- | caddyconfig/httploader.go | 10 |
2 files changed, 27 insertions, 8 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index bbc63ced8..6a8ba0bd3 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -345,9 +345,34 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) { if ond == nil { ond = new(caddytls.OnDemandConfig) } + if ond.PermissionRaw != nil { + return nil, d.Err("on-demand TLS permission module (or 'ask') already specified") + } perm := caddytls.PermissionByHTTP{Endpoint: d.Val()} ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil) + case "permission": + if !d.NextArg() { + return nil, d.ArgErr() + } + if ond == nil { + ond = new(caddytls.OnDemandConfig) + } + if ond.PermissionRaw != nil { + return nil, d.Err("on-demand TLS permission module (or 'ask') already specified") + } + modName := d.Val() + modID := "tls.permission." + modName + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + perm, ok := unm.(caddytls.OnDemandPermission) + if !ok { + return nil, d.Errf("module %s (%T) is not an on-demand TLS permission module", modID, unm) + } + ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", modName, nil) + case "interval": if !d.NextArg() { return nil, d.ArgErr() diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index e0ce4ebf7..528cea6c8 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -181,19 +181,13 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) { if err != nil { return nil, fmt.Errorf("getting server identity credentials: %v", err) } - if tlsConfig == nil { - tlsConfig = new(tls.Config) - } - tlsConfig.Certificates = certs + tlsConfig = &tls.Config{Certificates: certs} } else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" { cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile) if err != nil { return nil, err } - if tlsConfig == nil { - tlsConfig = new(tls.Config) - } - tlsConfig.Certificates = []tls.Certificate{cert} + tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}} } // trusted server certs |