caddytls: Add internal Caddyfile lifetime, sign_with_root opts
francislavoie committed Jan 9, 2022
1 parent c634bbe commit da2e4c9
Showing 2 changed files with 74 additions and 1 deletion.
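--- a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
+++ b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt
@@ -0,0 +1,54 @@
+a.example.com {
+tls {
+issuer internal {
+ca foo
+lifetime 24h
+sign_with_root
+}
+}
+}
+----------
+{
+"apps": {
+"http": {
+"servers": {
+"srv0": {
+"listen": [
+":443"
+],
+"routes": [
+{
+"match": [
+{
+"host": [
+"a.example.com"
+]
+}
+],
+"terminal": true
+}
+]
+}
+}
+},
+"tls": {
+"automation": {
+"policies": [
+{
+"subjects": [
+"a.example.com"
+],
+"issuers": [
+{
+"ca": "foo",
+"lifetime": 86400000000000,
+"module": "internal",
+"sign_with_root": true
+}
+]
+}
+]
+}
+}
+}
+}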
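--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -149,7 +149,9 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
 // UnmarshalCaddyfile deserializes Caddyfile tokens into iss.
 //
 // ... internal {
-// ca <name>
+// ca <name>
+// lifetime <duration>
+// sign_with_root
 // }
 //
 func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
@@ -160,6 +162,23 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 if !d.AllArgs(&iss.CA) {
 return d.ArgErr()
 }
+
+case "lifetime":
+if !d.NextArg() {
+return d.ArgErr()
+}
+dur, err := caddy.ParseDuration(d.Val())
+if err != nil {
+return err
+}
+iss.Lifetime = caddy.Duration(dur)
+
+case "sign_with_root":
+if d.NextArg() {
+return d.ArgErr()
+}
+iss.SignWithRoot = true
+
 }
 }
 }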
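Review bot: The `lifetime` case in the second hunk stores whatever `caddy.ParseDuration` returns, so a negative duration and a trailing extra argument both pass adaptation. Unless the issuer validates the lifetime when it is provisioned (not visible here), it is safer to reject them at parse time, because this value bounds how long an internally issued certificate is trusted. Suggested: after the parse, `if dur < 0 { return d.Errf("lifetime must not be negative: %s", d.Val()) }`, and before leaving the case, `if d.NextArg() { return d.ArgErr() }`, matching the arity check `sign_with_root` already has. Returning `d.Errf("parsing lifetime: %v", err)` instead of the bare `err` would also give the operator the file and line of the bad value. The switch opens above the hunk and no `default` branch is visible before it closes, so a misspelled subdirective such as a typo of `sign_with_root` appears to be ignored silently rather than reported.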