From cb86319bd50322d4ac9e730b2fc5639daa24b82a Mon Sep 17 00:00:00 2001
From: Zach Galvin <18235421+zachgalvin@users.noreply.github.com>
Date: Tue, 9 Jan 2024 17:14:51 -0600
Subject: [PATCH] httpcaddyfile: Support client auth verifiers (#6022) * Added verifier case Update author * Update verifier to match struct tag * gci run
---
 caddyconfig/httpcaddyfile/builtins.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 568028388..f345a676f 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -219,6 +219,24 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 for nesting := h.Nesting(); h.NextBlock(nesting); {
 subdir := h.Val()
 switch subdir {
+ case "verifier":
+ if !h.NextArg() {
+ return nil, h.ArgErr()
+ }
+
+ vType := h.Val()
+ modID := "tls.client_auth." + vType
+ unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID)
+ if err != nil {
+ return nil, err
+ }
+
+ _, ok := unm.(caddytls.ClientCertificateVerifier)
+ if !ok {
+ return nil, h.Dispenser.Errf("module %s is not a caddytls.ClientCertificatVerifier", modID)
+ }
+
+ cp.ClientAuthentication.VerifiersRaw = append(cp.ClientAuthentication.VerifiersRaw, caddyconfig.JSONModuleObject(unm, "verifier", vType, h.warnings))
 case "mode":
 if !h.Args(&cp.ClientAuthentication.Mode) {
 return nil, h.ArgErr()
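Review bot: The error string in the `!ok` branch of the new `verifier` case misspells the interface name as `caddytls.ClientCertificatVerifier`, so an operator searching for the real type name after a failed adapt will not find it; the line should read `return nil, h.Dispenser.Errf("module %s is not a caddytls.ClientCertificateVerifier", modID)`. Because a verifier decides whether a client certificate is accepted, it is also worth confirming that one which fails to encode is rejected rather than dropped. The result of `caddyconfig.JSONModuleObject` is appended to `VerifiersRaw` unchecked and problems are routed to `h.warnings`; if that helper returns nil on a marshal error (not visible in this hunk), the adapter would report success for a config whose verifier is missing. The diffstat shows only builtins.go changed, so an adapt test pinning the JSON emitted for a `verifier` subdirective would be a useful addition. The enclosing parseTLS function and its switch start and end outside the hunk.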