pogpp/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

feat: CA Server Name. (#590)

Browse source
This commit is contained in:
Ludovic Fernandez 2018-07-01 01:12:36 +02:00 committed by GitHub
parent a2543a2fde
commit 9bb5589e17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
acme/http.go
View file

@ -34,7 +34,8 @@ var (
ResponseHeaderTimeout: 15 * time.Second, ResponseHeaderTimeout: 15 * time.Second,
ExpectContinueTimeout: 1 * time.Second, ExpectContinueTimeout: 1 * time.Second,
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
RootCAs: initCertPool(), ServerName: os.Getenv(caServerNameEnvVar),
RootCAs: initCertPool(),
}, },
}, },
} }
@ -53,6 +54,12 @@ const (
// authenticate an ACME server with a HTTPS certificate not issued by a CA in // authenticate an ACME server with a HTTPS certificate not issued by a CA in
// the system-wide trusted root list. // the system-wide trusted root list.
caCertificatesEnvVar = "LEGO_CA_CERTIFICATES" caCertificatesEnvVar = "LEGO_CA_CERTIFICATES"
// caServerNameEnvVar is the environment variable name that can be used to
// specify the CA server name that can be used to
// authenticate an ACME server with a HTTPS certificate not issued by a CA in
// the system-wide trusted root list.
caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
) )
// initCertPool creates a *x509.CertPool populated with the PEM certificates // initCertPool creates a *x509.CertPool populated with the PEM certificates