search

dns3l / dns3l-core

Core functionality of dns3l written in Go
1 stars 3 forks source link

Daemon publishing incorrect CA config #60

Closed iaean closed 5 months ago

iaean commented 1 year ago

Even if a CA is configured as disabled

ca:
  providers:
    id:
      type: acme
      catype: public
      enabled: false

it is populated as enabled

{
  "id": "id",
  "type": "public",
  "acme": true,
  "enabled": true
}

This is breaking clients that rely on that. Daemon version: 1.1.4.

In the same context it would be great if we can ensure that an error is raised to the client if he tries to utilize a disabled CA. Maybe we ensure also that a rtzn is never pinned to a disabled CA resulting in rtzn: [].

iaean commented 5 months ago

Seems not fixed. Still there in 1.2.2.

lnobach commented 5 months ago

Please try disabled: true to disable a CA. The reason for this kind of inversion is that I try to keep the config's boolean values to always default to false if they are not mentioned.

Source: https://github.com/dns3l/dns3l-core/blob/b939ba6416c6424367587c2d526f241a86012974/ca/acme/config.go#L10

Please tell me if this works as expected.

lnobach commented 5 months ago

I see this is not described in the config-example.yaml for CAs. I will update this with a future release.

iaean commented 5 months ago

That's it. Thx 4 updating the doc.