From c7d4d051cb4085e7c3db89d82eef9687f4071b73 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Tue, 12 Jan 2016 08:52:08 -0700
Subject: [PATCH 1/2] letsencrypt: Ensure no prompt if user is not there Also only set custom address if alternate port is specified (rather than using a blank address; just cleaner this way)
---
 caddy/letsencrypt/letsencrypt.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/caddy/letsencrypt/letsencrypt.go b/caddy/letsencrypt/letsencrypt.go
index e16201a1f..a2965a104 100644
--- a/caddy/letsencrypt/letsencrypt.go
+++ b/caddy/letsencrypt/letsencrypt.go
@@ -342,9 +342,11 @@ func newClientPort(leEmail, port string) (*acme.Client, error) {
 if err != nil {
 return nil, err
 }
- client.SetHTTPAddress(":" + port)
- client.SetTLSAddress(":" + port)
- client.ExcludeChallenges([]string{"tls-sni-01", "dns-01"}) // We can only guarantee http-01 at this time
+ if port != "" {
+ client.SetHTTPAddress(":" + port)
+ client.SetTLSAddress(":" + port)
+ }
+ client.ExcludeChallenges([]string{"tls-sni-01", "dns-01"}) // We can only guarantee http-01 at this time, but tls-01 should work if port is not custom!
 // If not registered, the user must register an account with the CA
 // and agree to terms
@@ -355,11 +357,13 @@ func newClientPort(leEmail, port string) (*acme.Client, error) {
 }
 leUser.Registration = reg
- if !Agreed && reg.TosURL == "" {
- Agreed = promptUserAgreement(saURL, false) // TODO - latest URL
- }
- if !Agreed && reg.TosURL == "" {
- return nil, errors.New("user must agree to terms")
+ if port == "" { // can't prompt a user who isn't there
+ if !Agreed && reg.TosURL == "" {
+ Agreed = promptUserAgreement(saURL, false) // TODO - latest URL
+ }
+ if !Agreed && reg.TosURL == "" {
+ return nil, errors.New("user must agree to terms")
+ }
 }
 err = client.AgreeToTOS()
From 8f2196c04794d7b4a3eac705b9756835dc4db82b Mon Sep 17 00:00:00 2001
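Review bot: The comment added on the `client.ExcludeChallenges` line refers to "tls-01", but the identifier the call excludes is `"tls-sni-01"`, and the exclusion stays unconditional even though the comment says that challenge should work when no custom port is given. I would name the challenge the way the code does and mark the follow-up, e.g. `// Only http-01 is guaranteed for now; tls-sni-01 should also work when port is empty (TODO: exclude it only for a custom port)`. Separately, `port` is concatenated into the listen address as `":" + port` with no check in this hunk; whether callers validate it is not visible here. newClientPort starts and ends outside the hunk.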
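Review bot: Wrapping both checks in `if port == "" {` skips not only the prompt but also the `return nil, errors.New("user must agree to terms")` refusal, so with a non-empty port execution reaches `client.AgreeToTOS()` even when `Agreed` is false. If a non-interactive caller is meant to rely on an agreement recorded earlier, gate only the prompt, `if port == "" && !Agreed && reg.TosURL == "" {`, and keep the second check with its error return outside the port test. Using `port` as the signal for "no user present" is also implicit; a one-line comment saying that a custom port means the call comes from a non-interactive path would help (that is my reading, the callers are not in the hunk). The enclosing function continues past the hunk.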
From: Matthew Holt
Date: Tue, 12 Jan 2016 08:52:43 -0700
Subject: [PATCH 2/2] tls: No arguments to directive and no block is an error
---
 caddy/setup/tls.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/caddy/setup/tls.go b/caddy/setup/tls.go
index 9e51bc151..5b6c086e9 100644
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@@ -34,7 +34,9 @@ func TLS(c *Controller) (middleware.Middleware, error) {
 }
 // Optional block with extra parameters
+ var hadBlock bool
 for c.NextBlock() {
+ hadBlock = true
 switch c.Val() {
 case "protocols":
 args := c.RemainingArgs()
@@ -71,6 +73,11 @@ func TLS(c *Controller) (middleware.Middleware, error) {
 return nil, c.Errf("Unknown keyword '%s'", c.Val())
 }
 }
+
+ // tls requires at least one argument if a block is not opened
+ if len(args) == 0 && !hadBlock {
+ return nil, c.ArgErr()
+ }
 }
 SetDefaultTLSParams(c.Config)
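Review bot: The new guard `if len(args) == 0 && !hadBlock {` depends on `hadBlock`, which is set only when the `c.NextBlock()` loop body runs, so a block that is opened but left empty would presumably be rejected as well; how NextBlock treats an empty block is not visible in this hunk. The comment says "if a block is not opened", so if an empty block is meant to be an error too I would word it as `// tls requires at least one argument or a non-empty block`. It would also help to note that `args` here is the directive's own argument list declared outside the hunk, not the `args := c.RemainingArgs()` that shadows it inside the "protocols" case. The enclosing loop and the rest of TLS lie outside the hunk.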