mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-29 12:01:29 +00:00
Fix acme issuer
This commit is contained in:
parent
eb0ef439d6
commit
767cd55817
|
@ -133,19 +133,18 @@ func NewTLSConfig(ctx context.Context, logger log.Logger, options option.Inbound
|
||||||
var acmeService adapter.Service
|
var acmeService adapter.Service
|
||||||
var err error
|
var err error
|
||||||
if options.ACME != nil && len(options.ACME.Domain) > 0 {
|
if options.ACME != nil && len(options.ACME.Domain) > 0 {
|
||||||
tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME))
|
tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
tlsConfig = &tls.Config{}
|
tlsConfig = &tls.Config{}
|
||||||
}
|
}
|
||||||
tlsConfig.NextProtos = []string{}
|
|
||||||
if options.ServerName != "" {
|
if options.ServerName != "" {
|
||||||
tlsConfig.ServerName = options.ServerName
|
tlsConfig.ServerName = options.ServerName
|
||||||
}
|
}
|
||||||
if len(options.ALPN) > 0 {
|
if len(options.ALPN) > 0 {
|
||||||
tlsConfig.NextProtos = options.ALPN
|
tlsConfig.NextProtos = append(tlsConfig.NextProtos, options.ALPN...)
|
||||||
}
|
}
|
||||||
if options.MinVersion != "" {
|
if options.MinVersion != "" {
|
||||||
minVersion, err := option.ParseTLSVersion(options.MinVersion)
|
minVersion, err := option.ParseTLSVersion(options.MinVersion)
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/sagernet/sing-box/adapter"
|
"github.com/sagernet/sing-box/adapter"
|
||||||
"github.com/sagernet/sing-box/option"
|
"github.com/sagernet/sing-box/option"
|
||||||
E "github.com/sagernet/sing/common/exceptions"
|
E "github.com/sagernet/sing/common/exceptions"
|
||||||
|
"github.com/sagernet/sing/common/logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
type acmeWrapper struct {
|
type acmeWrapper struct {
|
||||||
|
@ -28,7 +29,7 @@ func (w *acmeWrapper) Close() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
||||||
var acmeServer string
|
var acmeServer string
|
||||||
switch options.Provider {
|
switch options.Provider {
|
||||||
case "", "letsencrypt":
|
case "", "letsencrypt":
|
||||||
|
@ -46,11 +47,15 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
|
||||||
storage = &certmagic.FileStorage{
|
storage = &certmagic.FileStorage{
|
||||||
Path: options.DataDirectory,
|
Path: options.DataDirectory,
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
storage = certmagic.Default.Storage
|
||||||
}
|
}
|
||||||
config := certmagic.New(certmagic.NewCache(certmagic.CacheOptions{}), certmagic.Config{
|
config := &certmagic.Config{
|
||||||
DefaultServerName: options.DefaultServerName,
|
DefaultServerName: options.DefaultServerName,
|
||||||
Issuers: []certmagic.Issuer{
|
Storage: storage,
|
||||||
&certmagic.ACMEIssuer{
|
}
|
||||||
|
config.Issuers = []certmagic.Issuer{
|
||||||
|
certmagic.NewACMEIssuer(config, certmagic.ACMEIssuer{
|
||||||
CA: acmeServer,
|
CA: acmeServer,
|
||||||
Email: options.Email,
|
Email: options.Email,
|
||||||
Agreed: true,
|
Agreed: true,
|
||||||
|
@ -58,9 +63,12 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
|
||||||
DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
|
DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
|
||||||
AltHTTPPort: int(options.AlternativeHTTPPort),
|
AltHTTPPort: int(options.AlternativeHTTPPort),
|
||||||
AltTLSALPNPort: int(options.AlternativeTLSPort),
|
AltTLSALPNPort: int(options.AlternativeTLSPort),
|
||||||
|
}),
|
||||||
|
}
|
||||||
|
config = certmagic.New(certmagic.NewCache(certmagic.CacheOptions{
|
||||||
|
GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
|
||||||
|
return config, nil
|
||||||
},
|
},
|
||||||
},
|
}), *config)
|
||||||
Storage: storage,
|
|
||||||
})
|
|
||||||
return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil
|
return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,9 @@ import (
|
||||||
"github.com/sagernet/sing-box/adapter"
|
"github.com/sagernet/sing-box/adapter"
|
||||||
"github.com/sagernet/sing-box/option"
|
"github.com/sagernet/sing-box/option"
|
||||||
E "github.com/sagernet/sing/common/exceptions"
|
E "github.com/sagernet/sing/common/exceptions"
|
||||||
|
"github.com/sagernet/sing/common/logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
||||||
return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
|
return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue