mirror of
https://github.com/caddyserver/caddy.git
synced 2025-04-19 10:49:17 +08:00
caddytls: Fix TrustedCACerts backwards compatibility (#6889)
* add failing test * fix ca pool provisioning * remove unused param
parent
d57ab215a2
commit
49f9af9a4a
@ -798,10 +798,14 @@ func (clientauth *ClientAuthentication) provision(ctx caddy.Context) error {
|
|||||||
|
|
||||||
// if we have TrustedCACerts explicitly set, create an 'inline' CA and return
|
// if we have TrustedCACerts explicitly set, create an 'inline' CA and return
|
||||||
if len(clientauth.TrustedCACerts) > 0 {
|
if len(clientauth.TrustedCACerts) > 0 {
|
||||||
clientauth.ca = InlineCAPool{
|
caPool := InlineCAPool{
|
||||||
TrustedCACerts: clientauth.TrustedCACerts,
|
TrustedCACerts: clientauth.TrustedCACerts,
|
||||||
}
|
}
|
||||||
return nil
|
err := caPool.Provision(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
clientauth.ca = caPool
|
||||||
}
|
}
|
||||||
|
|
||||||
// if we don't have any CARaw set, there's not much work to do
|
// if we don't have any CARaw set, there's not much work to do
|
||||||
|
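Review bot: The added error check after `caPool.Provision(ctx)` returns `nil` instead of the error, so a failure to provision the inline pool is reported as success and `clientauth.ca` is left unassigned. For a client-authentication setting this could fail open: an operator who supplies an undecodable `TrustedCACerts` entry gets no error at config load, and what the rest of `provision` (which continues outside this hunk) does with an unset pool is not visible here. Change the line to `return err` so the misconfiguration stops the load. The comment `create an 'inline' CA and return` is also stale, since the success path no longer returns and now falls through to the `CARaw` check below.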
@ -20,6 +20,7 @@ import (
|
|||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/caddyserver/caddy/v2"
|
||||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -278,3 +279,49 @@ func TestClientAuthenticationUnmarshalCaddyfileWithDirectiveName(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestClientAuthenticationProvision(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
ca ClientAuthentication
|
||||||
|
wantErr bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "specifying both 'CARaw' and 'TrustedCACerts' produces an error",
|
||||||
|
ca: ClientAuthentication{
|
||||||
|
CARaw: json.RawMessage(`{"provider":"inline","trusted_ca_certs":["foo"]}`),
|
||||||
|
TrustedCACerts: []string{"foo"},
|
||||||
|
},
|
||||||
|
wantErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "specifying both 'CARaw' and 'TrustedCACertPEMFiles' produces an error",
|
||||||
|
ca: ClientAuthentication{
|
||||||
|
CARaw: json.RawMessage(`{"provider":"inline","trusted_ca_certs":["foo"]}`),
|
||||||
|
TrustedCACertPEMFiles: []string{"foo"},
|
||||||
|
},
|
||||||
|
wantErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "setting 'TrustedCACerts' provisions the cert pool",
|
||||||
|
ca: ClientAuthentication{
|
||||||
|
TrustedCACerts: []string{test_der_1},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
err := tt.ca.provision(caddy.Context{})
|
||||||
|
if (err != nil) != tt.wantErr {
|
||||||
|
t.Errorf("ClientAuthentication.provision() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if !tt.wantErr {
|
||||||
|
if tt.ca.ca.CertPool() == nil {
|
||||||
|
t.Error("CertPool is nil, expected non-nil value")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
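Review bot: The table in `TestClientAuthenticationProvision` has no case where `TrustedCACerts` alone holds an undecodable value, so nothing checks that a provisioning failure of the inline pool is surfaced as an error. Add one, for example `{name: "invalid 'TrustedCACerts' produces an error", ca: ClientAuthentication{TrustedCACerts: []string{"not-a-cert"}}, wantErr: true},` (the value is a constructed sample and assumes the inline pool rejects it). In the success branch, `tt.ca.ca.CertPool()` is called without checking that `tt.ca.ca` was set, so a regression that leaves it nil would panic instead of failing cleanly; `if tt.ca.ca == nil { t.Fatal("ca not set after provision") }` before the call gives a readable failure.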