1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00

caddytls: Set Issuer properly on automation policies (fix #3150)

When using the default automation policy specifically, ap.Issuer would
be nil, so we'd end up overwriting the ap.magic.Issuer's default value
(after New()) with nil; this instead sets Issuer on the template before
New() is called, and no overwriting is done.
This commit is contained in:
Matthew Holt 2020-03-15 09:24:24 -06:00
parent 2ce3deb540
commit 115b877e1a
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5

View file

@ -479,6 +479,9 @@ type AutomationPolicy struct {
// TODO: is this really necessary per-policy? why not a global setting...
ManageSync bool `json:"manage_sync,omitempty"`
// Issuer stores the decoded issuer parameters. This is only
// used to populate an underlying certmagic.Config's Issuer
// field; it is not referenced thereafter.
Issuer certmagic.Issuer `json:"-"`
magic *certmagic.Config
@ -527,6 +530,14 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
}
}
if ap.IssuerRaw != nil {
val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw")
if err != nil {
return fmt.Errorf("loading TLS automation management module: %s", err)
}
ap.Issuer = val.(certmagic.Issuer)
}
keySource := certmagic.StandardKeyGenerator{
KeyType: supportedCertKeyTypes[ap.KeyType],
}
@ -542,17 +553,13 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
KeySource: keySource,
OnDemand: ond,
Storage: storage,
Issuer: ap.Issuer, // if nil, certmagic.New() will set default in returned Config
}
if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
template.Revoker = rev
}
ap.magic = certmagic.New(tlsApp.certCache, template)
if ap.IssuerRaw != nil {
val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw")
if err != nil {
return fmt.Errorf("loading TLS automation management module: %s", err)
}
ap.Issuer = val.(certmagic.Issuer)
}
// sometimes issuers may need the parent certmagic.Config in
// order to function properly (for example, ACMEIssuer needs
// access to the correct storage and cache so it can solve
@ -562,11 +569,6 @@ func (ap *AutomationPolicy) provision(tlsApp *TLS) error {
configger.SetConfig(ap.magic)
}
ap.magic.Issuer = ap.Issuer
if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
ap.magic.Revoker = rev
}
return nil
}