MCPcopy
hub / github.com/caddyserver/caddy / provision

Method provision

modules/caddytls/connpolicy.go:778–821  ·  view source on GitHub ↗
(ctx caddy.Context)

Source from the content-addressed store, hash-verified

776}
777
778func (clientauth *ClientAuthentication) provision(ctx caddy.Context) error {
779 if len(clientauth.CARaw) > 0 && (len(clientauth.TrustedCACerts) > 0 || len(clientauth.TrustedCACertPEMFiles) > 0) {
780 return fmt.Errorf("conflicting config for client authentication trust CA")
781 }
782
783 // convert all named file paths to inline
784 if len(clientauth.TrustedCACertPEMFiles) > 0 {
785 for _, fpath := range clientauth.TrustedCACertPEMFiles {
786 ders, err := convertPEMFilesToDER(fpath)
787 if err != nil {
788 return err
789 }
790 clientauth.TrustedCACerts = append(clientauth.TrustedCACerts, ders...)
791 }
792 }
793
794 // if we have TrustedCACerts explicitly set, create an 'inline' CA and return
795 if len(clientauth.TrustedCACerts) > 0 {
796 caPool := InlineCAPool{
797 TrustedCACerts: clientauth.TrustedCACerts,
798 }
799 err := caPool.Provision(ctx)
800 if err != nil {
801 return err
802 }
803 clientauth.ca = caPool
804 }
805
806 // if we don't have any CARaw set, there's not much work to do
807 if clientauth.CARaw == nil {
808 return nil
809 }
810 caRaw, err := ctx.LoadModule(clientauth, "CARaw")
811 if err != nil {
812 return err
813 }
814 ca, ok := caRaw.(CA)
815 if !ok {
816 return fmt.Errorf("'ca' module '%s' is not a certificate pool provider", ca)
817 }
818 clientauth.ca = ca
819
820 return nil
821}
822
823// Active returns true if clientauth has an actionable configuration.
824func (clientauth ClientAuthentication) Active() bool {

Callers 3

ProvisionMethod · 0.45

Calls 3

ProvisionMethod · 0.95
convertPEMFilesToDERFunction · 0.85
LoadModuleMethod · 0.80

Tested by 1