autocert: store certificates separately from config certificates (#1794)

Caleb Doxsey 2021-01-21 13:13:55 -07:00 committed by GitHub
parent 70b4497595
commit c90eda5622
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 87 additions and 72 deletions


@ -98,19 +98,19 @@ func newManager(ctx context.Context,
return mgr, nil
}
func (mgr *Manager) getCertMagicConfig(options *config.Options) (*certmagic.Config, error) {
mgr.certmagic.MustStaple = options.AutocertOptions.MustStaple
func (mgr *Manager) getCertMagicConfig(cfg *config.Config) (*certmagic.Config, error) {
mgr.certmagic.MustStaple = cfg.Options.AutocertOptions.MustStaple
mgr.certmagic.OnDemand = nil // disable on-demand
mgr.certmagic.Storage = &certmagic.FileStorage{Path: options.AutocertOptions.Folder}
mgr.certmagic.Storage = &certmagic.FileStorage{Path: cfg.Options.AutocertOptions.Folder}
// add existing certs to the cache, and staple OCSP
for _, cert := range options.Certificates {
for _, cert := range cfg.AllCertificates() {
if err := mgr.certmagic.CacheUnmanagedTLSCertificate(cert, nil); err != nil {
return nil, fmt.Errorf("config: failed caching cert: %w", err)
}
}
acmeMgr := certmagic.NewACMEManager(mgr.certmagic, mgr.acmeTemplate)
acmeMgr.Agreed = true
if options.AutocertOptions.UseStaging {
if cfg.Options.AutocertOptions.UseStaging {
acmeMgr.CA = acmeMgr.TestCA
}
acmeMgr.DisableTLSALPNChallenge = true
@ -125,7 +125,7 @@ func (mgr *Manager) renewConfigCerts() error {
defer mgr.mu.Unlock()
cfg := mgr.config
cm, err := mgr.getCertMagicConfig(cfg.Options)
cm, err := mgr.getCertMagicConfig(cfg)
if err != nil {
return err
}
@ -197,7 +197,7 @@ func (mgr *Manager) updateAutocert(cfg *config.Config) error {
return nil
}
cm, err := mgr.getCertMagicConfig(cfg.Options)
cm, err := mgr.getCertMagicConfig(cfg)
if err != nil {
return err
}
@ -219,7 +219,7 @@ func (mgr *Manager) updateAutocert(cfg *config.Config) error {
}
log.Info().Strs("names", cert.Names).Msg("autocert: added certificate")
cfg.Options.Certificates = append(cfg.Options.Certificates, cert.Certificate)
cfg.AutoCertificates = append(cfg.AutoCertificates, cert.Certificate)
}
return nil
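Review bot: In the last hunk `cfg.AutoCertificates` is only ever appended to, and nothing visible here clears it before the loop. If the same `*config.Config` can reach `updateAutocert` twice, previously obtained certificates would stay in the slice beside their renewed replacements. Since `getCertMagicConfig` now feeds everything from `cfg.AllCertificates()` into `CacheUnmanagedTLSCertificate`, any stale or expired entries would presumably be cached again on the next call. `updateAutocert` starts outside the hunk, so a reset or a fresh clone may already exist upstream. If it does not, add `cfg.AutoCertificates = nil` before the loop; if it does, record the invariant with a comment such as `// cfg must be a fresh clone: AutoCertificates is rebuilt from scratch on every call`.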