Matthew Holt
f29a9eee0d
caddytls: nil check on storageClean fields on Stop
2019-10-02 23:39:32 -06:00
Matthew Holt
b249b45d10
tls: Change struct fields to pointers, add nil checks; rate.Burst update
...
Making them pointers makes for cleaner JSON when adapting configs, if
the struct is empty now it will be omitted entirely.
The x/time/rate package was updated to support changing the burst, so
we've incorporated that here and removed a TODO.
2019-09-30 09:07:43 -06:00
Matthew Holt
7b33c8db31
tls: Make cert and OCSP check intervals configurable
...
This enables use of ACME CAs that issue shorter-lived certs
2019-09-24 17:04:03 -07:00
Matt Holt
11696793bd
tls/acme: Ability to customize trusted roots for ACME servers ( #2756 )
...
Closes #2702
2019-09-24 15:46:39 -07:00
Matthew Holt
19f36667f7
tls: Clean up expired OCSP staples and certificates
2019-09-17 16:00:15 -06:00
Matthew Holt
f15f0d5839
Eliminate some TODOs
2019-09-14 18:05:45 -06:00
Matthew Holt
839507e24e
http: Consider wildcards when evaluating automatic HTTPS
2019-09-13 11:46:58 -06:00
Matthew Holt
ed40a5dcab
tls: Do away with SetDefaults which did nothing useful
...
CertMagic uses the same defaults for us
2019-09-12 17:31:54 -06:00
Matthew Holt
7799554baa
go.mod: Use lego v3 and CertMagic 0.7.0
2019-09-12 17:31:10 -06:00
Matthew Holt
2cb01d43cf
tls: Remove support for TLS 1.0 and TLS 1.1
2019-09-11 22:26:06 -06:00
Matthew Holt
b4dce74e59
tls: Use Let's Encrypt production endpoint
...
We're done testing this in staging
2019-09-11 18:52:07 -06:00
Matthew Holt
1ce10b453f
Require Go 1.13; use Go 1.13's default support for TLS 1.3
2019-09-10 13:11:27 -06:00
Alexandre Stein
50961ecc77
Initial implementation of TLS client authentication ( #2731 )
...
* Add support for client TLS authentication
Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com>
* make and use client authentication struct
* force StrictSNIHost if TLSConnPolicies is not empty
* Implement leafs verification
* Fixes issue when using multiple verification
* applies the comments from maintainers
* Apply comment
* Refactor/cleanup initial TLS client auth implementation
2019-09-03 09:35:36 -06:00
Matthew Holt
c9980fd367
Refactor Caddyfile adapter and module registration
...
Use piles from which to draw config values.
Module values can return their name, so now we can do two-way mapping
from value to name and name to value; whereas before we could only map
name to value. This was problematic with the Caddyfile adapter since
it receives values and needs to know the name to put in the config.
2019-08-21 10:46:35 -06:00
Matthew Holt
ab885f07b8
Implement config adapters and beginning of Caddyfile adapter
...
Along with several other changes, such as renaming caddyhttp.ServerRoute
to caddyhttp.Route, exporting some types that were not exported before,
and tweaking the caddytls TLS values to be more consistent.
Notably, we also now disable automatic cert management for names which
already have a cert (manually) loaded into the cache. These names no
longer need to be specified in the "skip_certificates" field of the
automatic HTTPS config, because they will be skipped automatically.
2019-08-09 12:05:47 -06:00
Matthew Holt
28df6cedfe
tls: Use IANA-standard cipher suite names
2019-07-18 09:52:43 -06:00
Matthew Holt
dd6aa91d72
Fix DNS provider module unmarshaling ( closes #2676 )
2019-07-18 09:15:23 -06:00
Matthew Holt
79216d356c
acmemanager: Use storage module key "module" instead of "system"
2019-07-05 09:59:46 -06:00
Matthew Holt
fdd871e177
go.mod: Append /v2 to module name; update all import paths
...
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-07-02 12:37:06 -06:00
Matthew Holt
533d1afb4b
tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structs
2019-07-01 11:47:46 -06:00
Matthew Holt
3177ee8010
Add license
2019-06-30 16:07:58 -06:00
Matthew Holt
2b22d2e6ea
Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanup
...
We should look into a way to enable this by default when TLS client auth
is configured for a server
2019-06-26 16:03:29 -06:00
Matthew Holt
38677aaa58
caddytls: Support tags for manually-loaded certificates
2019-06-24 12:16:10 -06:00
Matthew Holt
81a9e125b5
Oops
2019-06-21 08:52:15 -06:00
Matthew Holt
269b1e9aa3
tls: Improve (and fix) on-demand configuration
2019-06-20 20:36:29 -06:00
Matthew Holt
6706c9225a
Implement templates handler; various minor cleanups and bug fixes
2019-06-18 11:13:12 -06:00
Matthew Holt
5137859e47
Rename caddy2 -> caddy
...
Removes the version from the package name
2019-06-14 11:58:28 -06:00
Matthew Holt
b79f86f256
Fix bugs related to auto HTTPS and alternate port configurations
2019-06-04 22:43:21 -06:00
Matthew Holt
613aecb898
Change import paths to GitHub package names
2019-06-04 13:52:37 -06:00
Matthew Holt
f064889a4f
Customize admin endpoint address with -listen flag
...
This is a temporary holdover for development purposes
2019-06-03 15:35:14 -06:00
Matthew Holt
3439933235
Implement session ticket keys; default STEK module with rotation
2019-05-29 23:11:46 -06:00
Matthew Holt
da6a8cfc86
Minor cleanups
2019-05-28 18:52:21 -06:00
Matthew Holt
9cd6f35e9d
Separate out certificate selection
2019-05-27 11:31:47 -06:00
Matthew Holt
210d0cf7f1
Implement custom cert selection policies; optimize matching for SNI
2019-05-24 13:18:45 -06:00
Matthew Holt
be9b6e7b57
Honor the configured CA value
2019-05-21 14:22:33 -06:00
Matthew Holt
2fd98cb040
Module.New() does not need to return an error
2019-05-21 14:22:21 -06:00
Matthew Holt
1f0c061ce3
Architectural shift to using context for config and module state
2019-05-16 16:05:38 -06:00
Matthew Holt
f9d93ead4e
Rename and export some types, other minor changes
2019-05-14 14:14:05 -06:00
Matthew Holt
48b5a80320
Remove (unimplemented) enterprise TLS matchers
2019-05-07 11:58:58 -06:00
Matthew Holt
5859cd8dad
Instantiate apps that are needed but not explicitly configured
2019-04-29 09:22:00 -06:00
Matthew Holt
43961b542b
General cleanup and more godocs
2019-04-26 12:35:39 -06:00
Matthew Holt
2d056fbe66
Initial commit of Storage, TLS, and automatic HTTPS implementations
2019-04-25 13:54:48 -06:00