diff --git a/cmd/step-ca/main.go b/cmd/step-ca/main.go index 3f345092..0486cd5f 100644 --- a/cmd/step-ca/main.go +++ b/cmd/step-ca/main.go @@ -91,7 +91,7 @@ func main() { app.HelpName = "step-ca" app.Version = config.Version() app.Usage = "an online certificate authority for secure automated certificate management" - app.UsageText = `**step-ca** [**--password-file**=] [**--help**] [**--version**]` + app.UsageText = `**step-ca** [**--password-file**=] [**--resolver**=] [**--help**] [**--version**]` app.Description = `**step-ca** runs the Step Online Certificate Authority (Step CA) using the given configuration. See the README.md for more detailed configuration documentation. diff --git a/commands/app.go b/commands/app.go index 36155bd9..51a89428 100644 --- a/commands/app.go +++ b/commands/app.go @@ -2,8 +2,10 @@ package commands import ( "bytes" + "context" "fmt" "io/ioutil" + "net" "net/http" "os" "unicode" @@ -20,19 +22,25 @@ var AppCommand = cli.Command{ Name: "start", Action: appAction, UsageText: `**step-ca** - [**--password-file**=]`, + [**--password-file**=] + [**--resolver**=]`, Flags: []cli.Flag{ cli.StringFlag{ Name: "password-file", Usage: `path to the containing the password to decrypt the intermediate private key.`, }, + cli.StringFlag{ + Name: "resolver", + Usage: `address of a DNS resolver to be used instead of the default.`, + }, }, } // AppAction is the action used when the top command runs. func appAction(ctx *cli.Context) error { passFile := ctx.String("password-file") + resolver := ctx.String("resolver") // If zero cmd line args show help, if >1 cmd line args show error. if ctx.NArg() == 0 { 
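Review bot: The usage string of the new `resolver` flag in commands/app.go does not say what form the address takes, although the value is later handed unchanged to `net.Dial`, which needs a `host:port` pair. I would change the text to "address (host:port) of a DNS resolver to be used instead of the default." and add that the setting applies to every lookup the process makes. The one-line `UsageText` entries here and in cmd/step-ca/main.go could carry the same hint. `appAction` continues past the end of this hunk.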
@@ -56,6 +64,14 @@ func appAction(ctx *cli.Context) error {
 password = bytes.TrimRightFunc(password, unicode.IsSpace)
 }
+ // replace resolver if requested
+ if resolver != "" {
+ net.DefaultResolver.PreferGo = true
+ net.DefaultResolver.Dial = func(ctx context.Context, network, address string) (net.Conn, error) {
+ return net.Dial(network, resolver)
+ }
+ }
+
 srv, err := ca.New(config, ca.WithConfigFile(configFile), ca.WithPassword(password))
 if err != nil {
 fatal(err)
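Review bot: The new `Dial` closure discards the context it receives and calls `net.Dial(network, resolver)`, so lookups through the custom resolver ignore the caller's deadline and cancellation. Its `ctx` parameter also shadows the `*cli.Context` of `appAction`. The `resolver` string is used without validation, so a value with no port is only rejected at the first lookup instead of at startup. Because `net.DefaultResolver` is process-wide, every later name lookup by the CA goes to this address over plain DNS, and presumably any hostname checks the CA performs would trust those answers, so the block deserves a comment saying so. The sketch below validates the address up front and dials with the supplied context; `appAction` starts and ends outside this hunk.

```go
	// replace resolver if requested; this changes DNS resolution for the whole process
	if resolver != "" {
		// reject a malformed address at startup instead of at the first lookup
		if _, _, err := net.SplitHostPort(resolver); err != nil {
			return fmt.Errorf("invalid --resolver address %q: %v", resolver, err)
		}
		dialer := &net.Dialer{}
		net.DefaultResolver.PreferGo = true
		net.DefaultResolver.Dial = func(dialCtx context.Context, network, _ string) (net.Conn, error) {
			// honor the lookup's deadline and cancellation
			return dialer.DialContext(dialCtx, network, resolver)
		}
	}
	// … unchanged: ca.New call and error handling …
```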