Fix acme issuer

世界 2022-08-19 18:05:26 +08:00
parent eb0ef439d6
commit 767cd55817
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
3 changed files with 26 additions and 18 deletions


@ -133,19 +133,18 @@ func NewTLSConfig(ctx context.Context, logger log.Logger, options option.Inbound
var acmeService adapter.Service var acmeService adapter.Service
var err error var err error
if options.ACME != nil && len(options.ACME.Domain) > 0 { if options.ACME != nil && len(options.ACME.Domain) > 0 {
tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME)) tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME))
if err != nil { if err != nil {
return nil, err return nil, err
} }
} else { } else {
tlsConfig = &tls.Config{} tlsConfig = &tls.Config{}
} }
tlsConfig.NextProtos = []string{}
if options.ServerName != "" { if options.ServerName != "" {
tlsConfig.ServerName = options.ServerName tlsConfig.ServerName = options.ServerName
} }
if len(options.ALPN) > 0 { if len(options.ALPN) > 0 {
tlsConfig.NextProtos = options.ALPN tlsConfig.NextProtos = append(tlsConfig.NextProtos, options.ALPN...)
} }
if options.MinVersion != "" { if options.MinVersion != "" {
minVersion, err := option.ParseTLSVersion(options.MinVersion) minVersion, err := option.ParseTLSVersion(options.MinVersion)
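Review bot: With `tlsConfig.NextProtos = append(tlsConfig.NextProtos, options.ALPN...)`, the advertised ALPN list now depends on whatever `startACME` put in `NextProtos`, and nothing at that line says so. In the ACME branch the configured `options.ALPN` entries come after the ACME-provided ones, and an entry present in both lists is advertised twice. Go's TLS server, as far as I know, picks the first protocol in its own list that the client also offers, so this order can decide which protocol is negotiated. I would add a comment above the append such as `// keep the protocols set by startACME (presumably needed for the TLS-ALPN challenge); options.ALPN is appended after them`, and skip entries already in the list. NewTLSConfig starts before and continues past this hunk.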


@ -11,6 +11,7 @@ import (
"github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/option" "github.com/sagernet/sing-box/option"
E "github.com/sagernet/sing/common/exceptions" E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
) )
type acmeWrapper struct { type acmeWrapper struct {
@ -28,7 +29,7 @@ func (w *acmeWrapper) Close() error {
return nil return nil
} }
func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) { func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
var acmeServer string var acmeServer string
switch options.Provider { switch options.Provider {
case "", "letsencrypt": case "", "letsencrypt":
@ -46,11 +47,15 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
storage = &certmagic.FileStorage{ storage = &certmagic.FileStorage{
Path: options.DataDirectory, Path: options.DataDirectory,
} }
} else {
storage = certmagic.Default.Storage
} }
config := certmagic.New(certmagic.NewCache(certmagic.CacheOptions{}), certmagic.Config{ config := &certmagic.Config{
DefaultServerName: options.DefaultServerName, DefaultServerName: options.DefaultServerName,
Issuers: []certmagic.Issuer{ Storage: storage,
&certmagic.ACMEIssuer{ }
config.Issuers = []certmagic.Issuer{
certmagic.NewACMEIssuer(config, certmagic.ACMEIssuer{
CA: acmeServer, CA: acmeServer,
Email: options.Email, Email: options.Email,
Agreed: true, Agreed: true,
@ -58,9 +63,12 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
DisableTLSALPNChallenge: options.DisableTLSALPNChallenge, DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
AltHTTPPort: int(options.AlternativeHTTPPort), AltHTTPPort: int(options.AlternativeHTTPPort),
AltTLSALPNPort: int(options.AlternativeTLSPort), AltTLSALPNPort: int(options.AlternativeTLSPort),
}),
}
config = certmagic.New(certmagic.NewCache(certmagic.CacheOptions{
GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
return config, nil
}, },
}, }), *config)
Storage: storage,
})
return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil
} }
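Review bot: The issuer built by `certmagic.NewACMEIssuer(config, ...)` is bound to the template `config`, but `config` is then reassigned to the value returned by `certmagic.New(..., *config)`, which receives a copy. The issuer in `Issuers` therefore appears to keep pointing at the pre-`New` config, while `GetConfigForCert`, `config.TLSConfig()` and `acmeWrapper` use the new one. If the issuer relies on state that `New` sets up, such as the cache, issuance or challenge handling could misbehave; this is worth confirming against certmagic. Creating the config with `New` first and attaching the issuer afterwards keeps a single Config throughout. startACME's body is only partly visible in these hunks.

```go
var config *certmagic.Config
config = certmagic.New(certmagic.NewCache(certmagic.CacheOptions{
	GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
		return config, nil
	},
}), certmagic.Config{
	DefaultServerName: options.DefaultServerName,
	Storage:           storage,
})
config.Issuers = []certmagic.Issuer{
	certmagic.NewACMEIssuer(config, certmagic.ACMEIssuer{
		// … unchanged: CA, Email, Agreed and the challenge options …
	}),
}
```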


@ -9,8 +9,9 @@ import (
"github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/option" "github.com/sagernet/sing-box/option"
E "github.com/sagernet/sing/common/exceptions" E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
) )
func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) { func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`) return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
} }