mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-26 02:21:28 +00:00
Fix acme issuer
parent
eb0ef439d6
commit
767cd55817
|
@ -133,19 +133,18 @@ func NewTLSConfig(ctx context.Context, logger log.Logger, options option.Inbound
|
|||
var acmeService adapter.Service
|
||||
var err error
|
||||
if options.ACME != nil && len(options.ACME.Domain) > 0 {
|
||||
tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME))
|
||||
tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else {
|
||||
tlsConfig = &tls.Config{}
|
||||
}
|
||||
tlsConfig.NextProtos = []string{}
|
||||
if options.ServerName != "" {
|
||||
tlsConfig.ServerName = options.ServerName
|
||||
}
|
||||
if len(options.ALPN) > 0 {
|
||||
tlsConfig.NextProtos = options.ALPN
|
||||
tlsConfig.NextProtos = append(tlsConfig.NextProtos, options.ALPN...)
|
||||
}
|
||||
if options.MinVersion != "" {
|
||||
minVersion, err := option.ParseTLSVersion(options.MinVersion)
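Review bot: The `tlsConfig.NextProtos = append(tlsConfig.NextProtos, options.ALPN...)` line deserves a comment saying why it appends rather than assigns, because the reason is not visible at this point in NewTLSConfig. The page does not mark which lines are added, but if this is the new side, the intent appears to be keeping the protocol IDs that startACME's `config.TLSConfig()` already placed in NextProtos (presumably including the one the TLS-ALPN challenge relies on) and adding the configured ones after them. A comment such as `// keep ALPN IDs set by startACME (TLS-ALPN challenge); add configured ones after them` would record that. If `tlsConfig.NextProtos = []string{}` a few lines above is still present on the new side, it would discard those IDs before the append, so it is worth confirming that line is gone. The function continues past the end of this hunk.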
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/sagernet/sing-box/adapter"
|
||||
"github.com/sagernet/sing-box/option"
|
||||
E "github.com/sagernet/sing/common/exceptions"
|
||||
"github.com/sagernet/sing/common/logger"
|
||||
)
|
||||
|
||||
type acmeWrapper struct {
|
||||
|
@ -28,7 +29,7 @@ func (w *acmeWrapper) Close() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
||||
func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
||||
var acmeServer string
|
||||
switch options.Provider {
|
||||
case "", "letsencrypt":
|
||||
|
@ -46,11 +47,15 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
|
|||
storage = &certmagic.FileStorage{
|
||||
Path: options.DataDirectory,
|
||||
}
|
||||
} else {
|
||||
storage = certmagic.Default.Storage
|
||||
}
|
||||
config := certmagic.New(certmagic.NewCache(certmagic.CacheOptions{}), certmagic.Config{
|
||||
config := &certmagic.Config{
|
||||
DefaultServerName: options.DefaultServerName,
|
||||
Issuers: []certmagic.Issuer{
|
||||
&certmagic.ACMEIssuer{
|
||||
Storage: storage,
|
||||
}
|
||||
config.Issuers = []certmagic.Issuer{
|
||||
certmagic.NewACMEIssuer(config, certmagic.ACMEIssuer{
|
||||
CA: acmeServer,
|
||||
Email: options.Email,
|
||||
Agreed: true,
|
||||
|
@ -58,9 +63,12 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
|
|||
DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
|
||||
AltHTTPPort: int(options.AlternativeHTTPPort),
|
||||
AltTLSALPNPort: int(options.AlternativeTLSPort),
|
||||
}),
|
||||
}
|
||||
config = certmagic.New(certmagic.NewCache(certmagic.CacheOptions{
|
||||
GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
|
||||
return config, nil
|
||||
},
|
||||
},
|
||||
Storage: storage,
|
||||
})
|
||||
}), *config)
|
||||
return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil
|
||||
}
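Review bot: The `logger` parameter added to startACME is not referenced by any changed line shown for this file, so certmagic's issuance and renewal messages presumably still go to its own default logger rather than the application's, which makes failed or stalled certificate renewals harder to spot. If wiring it up is planned for later, say so at the signature, e.g. `// logger is not yet passed to certmagic; ACME output uses certmagic's default logger`. Otherwise it would need an adapter to the logger type certmagic's Config expects. The parameter name also shadows the imported `logger` package inside the function body, so a name such as `acmeLogger` would avoid surprises. Part of the function body lies between the hunks and is not visible here.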
|
||||
|
|
|
@ -9,8 +9,9 @@ import (
|
|||
"github.com/sagernet/sing-box/adapter"
|
||||
"github.com/sagernet/sing-box/option"
|
||||
E "github.com/sagernet/sing/common/exceptions"
|
||||
"github.com/sagernet/sing/common/logger"
|
||||
)
|
||||
|
||||
func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
||||
func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
|
||||
return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
|
||||
}
|
||||
|
|