From a79b4055e56dc4e2f2caaae9aea555d1be471948 Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Tue, 18 Jan 2022 14:19:50 -0500
Subject: [PATCH] caddytls: Add internal Caddyfile `lifetime`, `sign_with_root` opts (#4513)
---
 .../caddyfile_adapt/tls_internal_options.txt | 54 +++++++++++++++++++
 modules/caddytls/internalissuer.go | 21 +++++++-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 caddytest/integration/caddyfile_adapt/tls_internal_options.txt
diff --git a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
new file mode 100644
index 00000000000..7298a370779
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
@@ -0,0 +1,54 @@
+a.example.com {
+ tls {
+ issuer internal {
+ ca foo
+ lifetime 24h
+ sign_with_root
+ }
+ }
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "a.example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "a.example.com"
+ ],
+ "issuers": [
+ {
+ "ca": "foo",
+ "lifetime": 86400000000000,
+ "module": "internal",
+ "sign_with_root": true
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 5de3af56c5f..ba6055edda9 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -149,7 +149,9 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
 // UnmarshalCaddyfile deserializes Caddyfile tokens into iss.
 //
 // ... internal {
-// ca
+// ca
+// lifetime
+// sign_with_root
 // }
 //
 func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
@@ -160,6 +162,23 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 if !d.AllArgs(&iss.CA) {
 return d.ArgErr()
 }
+
+ case "lifetime":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ dur, err := caddy.ParseDuration(d.Val())
+ if err != nil {
+ return err
+ }
+ iss.Lifetime = caddy.Duration(dur)
+
+ case "sign_with_root":
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ iss.SignWithRoot = true
+
 }
 }
 }
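Review bot: The `lifetime` case stores whatever `caddy.ParseDuration` returns, and nothing in this hunk rejects a zero or negative value (`-24h` parses fine), so unless `Provision`, which is outside the hunk, validates the field, a nonsensical lifetime reaches the internal CA silently instead of failing at adapt time with the offending line. A guard directly after the parse, `if dur <= 0 { return d.Errf("lifetime must be positive, got %v", dur) }`, keeps the error attributable to the Caddyfile token; whether an upper bound is also wanted for certificates signed by the internal CA is a policy question worth a comment on the field. Separately, `ca` reads its argument with `d.AllArgs` while the new cases use `d.NextArg`/`d.Val`, so one of the two forms would keep the switch uniform. The enclosing UnmarshalCaddyfile starts and ends outside the hunk.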