A new feature for the "tls" directive
This commit is contained in:
parent
8a2f2f8d37
commit
cf69d190a2
3 changed files with 49 additions and 1 deletions
@ -404,7 +404,7 @@ const AlternatePort = "5033"
// KeyType is the type to use for new keys.
// This shouldn't need to change except for in tests;
// the size can be drastically reduced for speed.
var KeyType = acme.EC384
var KeyType acme.KeyType
// stopChan is used to signal the maintenance goroutine
// to terminate.
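Review bot: The comment kept above the changed declaration still says KeyType "shouldn't need to change except for in tests", which no longer holds once the tls directive's key_type option assigns it in Setup; reword it to `// KeyType is the type to use for new keys. It is set by the tls directive's key_type option; setDefaultTLSParams applies the default when it is left unset.` Dropping the initializer also means the default is no longer visible at the declaration, so a reader has to find it in setDefaultTLSParams, which the comment should point to.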
@ -14,6 +14,7 @@ import (
"github.com/mholt/caddy/caddy/setup"
"github.com/mholt/caddy/middleware"
"github.com/mholt/caddy/server"
"github.com/xenolf/lego/acme"
)
// Setup sets up the TLS configuration and installs certificates that
@ -51,6 +52,13 @@ func Setup(c *setup.Controller) (middleware.Middleware, error) {
for c.NextBlock() {
hadBlock = true
switch c.Val() {
case "key_type":
arg := c.RemainingArgs()
value, ok := supportedKeyTypes[strings.ToUpper(arg[0])]
if !ok {
return nil, c.Errf("Wrong KeyType name or KeyType not supported '%s'", c.Val())
}
KeyType = value
case "protocols":
args := c.RemainingArgs()
if len(args) != 2 {
@ -220,6 +228,10 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
// port to 443 if not already set, TLS is enabled, TLS is manual, and the host
// does not equal localhost.
func setDefaultTLSParams(c *server.Config) {
if KeyType == "" {
KeyType = acme.RSA2048
}
// If no ciphers provided, use default list
if len(c.TLS.Ciphers) == 0 {
c.TLS.Ciphers = defaultCiphers
@ -247,6 +259,15 @@ func setDefaultTLSParams(c *server.Config) {
}
}
// Map of supported key types
var supportedKeyTypes = map[string]acme.KeyType{
"EC384": acme.EC384,
"EC256": acme.EC256,
"RSA8192": acme.RSA8192,
"RSA4096": acme.RSA4096,
"RSA2048": acme.RSA2048,
}
// Map of supported protocols.
// SSLv3 will be not supported in future release.
// HTTP/2 only supports TLS 1.2 and higher.
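Review bot: In the key_type case, `arg[0]` is indexed without checking that RemainingArgs returned anything, so a Caddyfile line `key_type` with no argument panics inside the parser instead of producing a config error; guard it first, `if len(arg) != 1 { return nil, c.Errf("key_type expects exactly one argument") }`, and in the existing Errf report `arg[0]` rather than `c.Val()`, since after RemainingArgs has advanced the cursor it is not obvious which token c.Val() names. Unlike the sibling options that write into `c.TLS`, this case assigns the package-level `KeyType`, so the last tls block parsed appears to decide the key type for every site; if that is intended it deserves a comment at the assignment. With the declaration in caddy.go changed to the zero value and setDefaultTLSParams filling in `acme.RSA2048`, the effective default seems to move from EC384 to RSA2048, which the commit message or the KeyType comment should state explicitly if deliberate. Setup begins and ends outside the hunk.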
@ -8,6 +8,7 @@ import (
"testing"
"github.com/mholt/caddy/caddy/setup"
"github.com/xenolf/lego/acme"
)
func TestMain(m *testing.M) {
@ -170,6 +171,16 @@ func TestSetupParseWithWrongOptionalParams(t *testing.T) {
if err == nil {
t.Errorf("Expected errors, but no error returned")
}
// Test key_type wrong params
params = `tls {
key_type ab123
}`
c = setup.NewTestController(params)
_, err = Setup(c)
if err == nil {
t.Errorf("Expected errors, but no error returned")
}
}
func TestSetupParseWithClientAuth(t *testing.T) {
@ -203,6 +214,22 @@ func TestSetupParseWithClientAuth(t *testing.T) {
}
}
func TestSetupParseWithKeyType(t *testing.T) {
params := `tls {
key_type ec384
}`
c := setup.NewTestController(params)
_, err := Setup(c)
if err != nil {
t.Errorf("Expected no errors, got: %v", err)
}
if KeyType != acme.EC384 {
t.Errorf("Expected 'P384' as KeyType, got %#v", KeyType)
}
}
const (
certFile = "test_cert.pem"
keyFile = "test_key.pem"
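Review bot: TestSetupParseWithKeyType leaves the package-level `KeyType` set to `acme.EC384` when it returns, and setDefaultTLSParams only applies its default while KeyType is empty, so any later test that relies on the default becomes order-dependent unless TestMain (whose body is outside the hunk) resets it; clear it at the top of the test, `KeyType = ""`, or restore the previous value with a `defer`. The failure message in the same test names `'P384'` while the comparison is against `acme.EC384`; make them agree, e.g. `t.Errorf("Expected %#v as KeyType, got %#v", acme.EC384, KeyType)`. The earlier part of TestSetupParseWithWrongOptionalParams lies outside the hunk.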