OrgGo
/
caddy
mirror of https://github.com/caddyserver/caddy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

caddytls: Set Issuer properly on automation policies (fix #3150) 

When using the default automation policy specifically, ap.Issuer would
be nil, so we'd end up overwriting the ap.magic.Issuer's default value
(after New()) with nil; this instead sets Issuer on the template before
New() is called, and no overwriting is done.
This commit is contained in:
Matthew Holt 2020-03-15 09:24:24 -06:00
parent 2ce3deb540
commit 115b877e1a
No known key found for this signature in database
GPG Key ID: 2A349DD577D586A5
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
modules/caddytls/tls.go
View File

@ -479,6 +479,9 @@ type AutomationPolicy struct {
// TODO: is this really necessary per-policy? why not a global setting... // TODO: is this really necessary per-policy? why not a global setting...
ManageSync bool `json:"manage_sync,omitempty"` ManageSync bool `json:"manage_sync,omitempty"`
// Issuer stores the decoded issuer parameters. This is only
// used to populate an underlying certmagic.Config's Issuer
// field; it is not referenced thereafter.
Issuer certmagic.Issuer `json:"-"` Issuer certmagic.Issuer `json:"-"`
magic *certmagic.Config magic *certmagic.Config
@ -527,6 +530,14 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
} }
} }
if ap.IssuerRaw != nil {
val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw")
if err != nil {
return fmt.Errorf("loading TLS automation management module: %s", err)
}
ap.Issuer = val.(certmagic.Issuer)
}
keySource := certmagic.StandardKeyGenerator{ keySource := certmagic.StandardKeyGenerator{
KeyType: supportedCertKeyTypes[ap.KeyType], KeyType: supportedCertKeyTypes[ap.KeyType],
} }
@ -542,17 +553,13 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
KeySource: keySource, KeySource: keySource,
OnDemand: ond, OnDemand: ond,
Storage: storage, Storage: storage,
Issuer: ap.Issuer, // if nil, certmagic.New() will set default in returned Config
}
if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
template.Revoker = rev
} }
ap.magic = certmagic.New(tlsApp.certCache, template) ap.magic = certmagic.New(tlsApp.certCache, template)
if ap.IssuerRaw != nil {
val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw")
if err != nil {
return fmt.Errorf("loading TLS automation management module: %s", err)
}
ap.Issuer = val.(certmagic.Issuer)
}
// sometimes issuers may need the parent certmagic.Config in // sometimes issuers may need the parent certmagic.Config in
// order to function properly (for example, ACMEIssuer needs // order to function properly (for example, ACMEIssuer needs
// access to the correct storage and cache so it can solve // access to the correct storage and cache so it can solve
@ -562,11 +569,6 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
configger.SetConfig(ap.magic) configger.SetConfig(ap.magic)
} }
ap.magic.Issuer = ap.Issuer
if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
ap.magic.Revoker = rev
}
return nil return nil
} }