| 537 | } |
| 538 | |
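// unmarshalCaddyfile populates t from the directives found in the block the
// dispenser is currently nested in. The directives handled here are:
//
//	ca <module> ...
//	insecure_skip_verify
//	handshake_timeout <duration>
//	server_name <name>
//	renegotiation never|once|freely
//
// Any other directive, a missing argument, or an unparsable value ends
// parsing with an error produced by the dispenser.
func (t *TLSConfig) unmarshalCaddyfile(d *caddyfile.Dispenser) error {
	for nesting := d.Nesting(); d.NextBlock(nesting); {
		switch d.Val() {
		case "ca":
			if !d.NextArg() {
				return d.ArgErr()
			}
			// The argument selects a module in the tls.ca_pool.source
			// namespace; that module unmarshals its own tokens.
			modStem := d.Val()
			modID := "tls.ca_pool.source." + modStem
			unm, err := caddyfile.UnmarshalModule(d, modID)
			if err != nil {
				return err
			}
			ca, ok := unm.(CA)
			if !ok {
				return d.Errf("module %s is not a caddytls.CA", modID)
			}
			t.CARaw = caddyconfig.JSONModuleObject(ca, "provider", modStem, nil)

		case "insecure_skip_verify":
			// NOTE(review): judging by the field name, this turns off
			// certificate verification for the backend connection, which
			// leaves it open to interception. Presumably meant for testing
			// only; pinning a trust pool with "ca" keeps verification on.
			// Confirm where the field is consumed.
			t.InsecureSkipVerify = true

		case "handshake_timeout":
			if !d.NextArg() {
				return d.ArgErr()
			}
			dur, err := caddy.ParseDuration(d.Val())
			if err != nil {
				return d.Errf("bad timeout value '%s': %v", d.Val(), err)
			}
			t.HandshakeTimeout = caddy.Duration(dur)

		case "server_name":
			if !d.Args(&t.ServerName) {
				return d.ArgErr()
			}

		case "renegotiation":
			if !d.Args(&t.Renegotiation) {
				return d.ArgErr()
			}
			switch t.Renegotiation {
			case "never", "once", "freely":
				// Accepted level; move on to the next directive.
				continue
			default:
				// Keep the rejected value for the error message before
				// clearing the field. The field is cleared so that an invalid
				// level is never left on the config.
				level := t.Renegotiation
				t.Renegotiation = ""
				return d.Errf("unrecognized renegotiation level: %s", level)
			}

		default:
			return d.Errf("unrecognized directive: %s", d.Val())
		}
	}
	return nil
}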
| 589 | |
| 590 | // MakeTLSClientConfig returns a tls.Config usable by a client to a backend. |
| 591 | // If there is no custom TLS configuration, a nil config may be returned. |