From 54fdba3f1346f05a9dc5c628de1a479dd4816fad Mon Sep 17 00:00:00 2001
From: Erik Wilson
Date: Tue, 28 May 2019 17:31:11 -0700
Subject: [PATCH] Use CA cert & key from user tls config

---
 server.go | 23 ++++++++++++++++++-----
 types.go  |  1 +
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/server.go b/server.go
index 896acdf..c839da5 100644
--- a/server.go
+++ b/server.go
@@ -424,12 +424,25 @@ func (s *server) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, e
 			changed = true
 			if s.activeCA == nil {
-				ca, key, err := genCA()
-				if err != nil {
-					return nil, err
+				if s.userConfig.CACerts != "" && s.userConfig.CAKey != "" {
+					ca, err := cert.ParseCertsPEM([]byte(s.userConfig.CACerts))
+					if err != nil {
+						return nil, err
+					}
+					key, err := cert.ParsePrivateKeyPEM([]byte(s.userConfig.CAKey))
+					if err != nil {
+						return nil, err
+					}
+					s.activeCA = ca[0]
+					s.activeCAKey = key.(crypto.Signer)
+				} else {
+					ca, key, err := genCA()
+					if err != nil {
+						return nil, err
+					}
+					s.activeCA = ca
+					s.activeCAKey = key
 				}
-				s.activeCA = ca
-				s.activeCAKey = key
 			}
 			cfg := cert.Config{
diff --git a/types.go b/types.go
index 87527bd..7fabf1c 100644
--- a/types.go
+++ b/types.go
@@ -29,6 +29,7 @@ type UserConfig struct {
 	Mode        string
 	NoCACerts   bool
 	CACerts     string
+	CAKey       string
 	Cert        string
 	Key         string
 	BindAddress string
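Review bot: `s.activeCA = ca[0]` and `s.activeCAKey = key.(crypto.Signer)` in the new user-supplied-CA branch both assume something the parse calls are not shown to guarantee: an empty slice from ParseCertsPEM indexes out of range, and a parsed key that is not a crypto.Signer panics inside the TLS GetCertificate callback instead of surfacing as a handshake error. I would bounds-check the slice and use a comma-ok assertion, as below (fmt.Errorf assumes fmt is already imported in server.go; errors.New works otherwise). Nothing checks that the supplied key actually belongs to the supplied certificate, so a mismatched pair only shows up later as clients rejecting the signatures on issued certs — comparing `signer.Public()` against `cas[0].PublicKey` up front would catch that at load time — and it is worth deciding whether a config with only one of CACerts/CAKey set should error rather than silently fall back to genCA(), since an operator who typo'd one of them ends up trusting an ephemeral generated CA without noticing. getCertificate starts before and continues past this hunk.
```go
if s.userConfig.CACerts != "" && s.userConfig.CAKey != "" {
	cas, err := cert.ParseCertsPEM([]byte(s.userConfig.CACerts))
	if err != nil {
		return nil, err
	}
	if len(cas) == 0 {
		return nil, fmt.Errorf("CACerts contains no certificate")
	}
	key, err := cert.ParsePrivateKeyPEM([]byte(s.userConfig.CAKey))
	if err != nil {
		return nil, err
	}
	signer, ok := key.(crypto.Signer)
	if !ok {
		return nil, fmt.Errorf("CAKey: %T cannot be used to sign certificates", key)
	}
	s.activeCA = cas[0]
	s.activeCAKey = signer
} else {
	// … unchanged: genCA() fallback …
```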
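Review bot: The new `CAKey` field holds a private key inline in UserConfig, as the neighbouring `Key` field already does, but none of these fields says so, and the only thing that keeps the secret out of a future log line or config dump is the reader knowing that. A one-line comment on the added field would make the contract explicit: `// CAKey is the PEM-encoded private key for CACerts; secret material, never log or serialize it.` It would also help to state here that both CACerts and CAKey must be set for the pair to be used, since that is the condition server.go applies. UserConfig presumably has further fields after BindAddress, outside the hunk.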