opensource/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-11-04 10:12:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

httpcaddyfile: Add auto_https ignore_loaded_certs (#4077)

Browse Source
This commit is contained in:
Francis Lavoie
2021-05-02 14:11:27 -04:00
committed by GitHub
parent 6e0e3e1537
commit ef7f15f3a4
4 changed files with 43 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
caddyconfig/httpcaddyfile/builtins.go
View File

@ -126,10 +126,10 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
// must load each cert only once; otherwise, they each get a // must load each cert only once; otherwise, they each get a
// different tag... since a cert loaded twice has the same // different tag... since a cert loaded twice has the same
// bytes, it will overwrite the first one in the cache, and // bytes, it will overwrite the first one in the cache, and
// only the last cert (and its tag) will survive, so a any conn // only the last cert (and its tag) will survive, so any conn
// policy that is looking for any tag but the last one to be // policy that is looking for any tag other than the last one
// loaded won't find it, and TLS handshakes will fail (see end) // to be loaded won't find it, and TLS handshakes will fail
// of issue #3004) // (see end of issue #3004)
// //
// tlsCertTags maps certificate filenames to their tag. // tlsCertTags maps certificate filenames to their tag.
// This is used to remember which tag is used for each // This is used to remember which tag is used for each

3
caddyconfig/httpcaddyfile/httptype.go
View File

@ -451,6 +451,9 @@ func (st *ServerType) serversFromPairings(
if autoHTTPS == "disable_redirects" { if autoHTTPS == "disable_redirects" {
srv.AutoHTTPS.DisableRedir = true srv.AutoHTTPS.DisableRedir = true
} }
if autoHTTPS == "ignore_loaded_certs" {
srv.AutoHTTPS.IgnoreLoadedCerts = true
}
} }
// sort server blocks by their keys; this is important because // sort server blocks by their keys; this is important because

4
caddyconfig/httpcaddyfile/options.go
View File

@ -379,8 +379,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
if d.Next() { if d.Next() {
return "", d.ArgErr() return "", d.ArgErr()
} }
if val != "off" && val != "disable_redirects" { if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" {
return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'") return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'")
} }
return val, nil return val, nil
} }

34
caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt Normal file
View File

@ -0,0 +1,34 @@
{
auto_https ignore_loaded_certs
}
localhost
----------
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"routes": [
{
"match": [
{
"host": [
"localhost"
]
}
],
"terminal": true
}
],
"automatic_https": {
"ignore_loaded_certificates": true
}
}
}
}
}
}