tls: add reuse_private_keys (#6025)

2025-10-19 15:53:17 +00:00 · 2024-01-10 04:30:31 +05:30 · 2024-01-10 04:30:31 +05:30 · ed41c924cf
commit ed41c924cf
parent d9ff7b1872
3 changed files with 32 additions and 0 deletions
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@ -90,6 +90,7 @@ func parseBind(h Helper) ([]ConfigValue, error) {
 //	    dns_ttl                       <duration>
 //	    dns_challenge_override_domain <domain>
 //	    on_demand
+//	    reuse_private_keys
 //	    eab                           <key_id> <mac_key>
 //	    issuer                        <module_name> [...]
 //	    get_certificate               <module_name> [...]
@ -106,6 +107,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 	var issuers []certmagic.Issuer
 	var certManagers []certmagic.Manager
 	var onDemand bool
+	var reusePrivateKeys bool

 	for h.Next() {
 		// file certificate loader
@ -483,6 +485,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 				}
 				onDemand = true

+			case "reuse_private_keys":
+				if h.NextArg() {
+					return nil, h.ArgErr()
+				}
+				reusePrivateKeys = true
+
 			case "insecure_secrets_log":
 				if !h.NextArg() {
 					return nil, h.ArgErr()
@ -589,6 +597,14 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 		})
 	}

+	// reuse private keys TLS
+	if reusePrivateKeys {
+		configVals = append(configVals, ConfigValue{
+			Class: "tls.reuse_private_keys",
+			Value: true,
+		})
+	}
+
 	// custom certificate selection
 	if len(certSelector.AnyTag) > 0 {
 		cp.CertSelection = &certSelector