Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
caddy
Commits
53e11780
Commit
53e11780
authored
Oct 29, 2016
by
elcore
Committed by
Matt Holt
Oct 29, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add support for OCSP Must-Staple for Let's Encrypt certs (#1221)
* Fix Caddytls * Let the user decide * Address comments
parent
23f89f30
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
12 additions
and
2 deletions
+12
-2
caddytls/client.go
caddytls/client.go
+2
-2
caddytls/config.go
caddytls/config.go
+3
-0
caddytls/setup.go
caddytls/setup.go
+2
-0
caddytls/setup_test.go
caddytls/setup_test.go
+5
-0
No files found.
caddytls/client.go
View file @
53e11780
...
@@ -197,7 +197,7 @@ Attempts:
...
@@ -197,7 +197,7 @@ Attempts:
for
attempts
:=
0
;
attempts
<
2
;
attempts
++
{
for
attempts
:=
0
;
attempts
<
2
;
attempts
++
{
namesObtaining
.
Add
([]
string
{
name
})
namesObtaining
.
Add
([]
string
{
name
})
acmeMu
.
Lock
()
acmeMu
.
Lock
()
certificate
,
failures
:=
c
.
acmeClient
.
ObtainCertificate
([]
string
{
name
},
true
,
nil
)
certificate
,
failures
:=
c
.
acmeClient
.
ObtainCertificate
([]
string
{
name
},
true
,
nil
,
c
.
config
.
MustStaple
)
acmeMu
.
Unlock
()
acmeMu
.
Unlock
()
namesObtaining
.
Remove
([]
string
{
name
})
namesObtaining
.
Remove
([]
string
{
name
})
if
len
(
failures
)
>
0
{
if
len
(
failures
)
>
0
{
...
@@ -285,7 +285,7 @@ func (c *ACMEClient) Renew(name string) error {
...
@@ -285,7 +285,7 @@ func (c *ACMEClient) Renew(name string) error {
for
attempts
:=
0
;
attempts
<
2
;
attempts
++
{
for
attempts
:=
0
;
attempts
<
2
;
attempts
++
{
namesObtaining
.
Add
([]
string
{
name
})
namesObtaining
.
Add
([]
string
{
name
})
acmeMu
.
Lock
()
acmeMu
.
Lock
()
newCertMeta
,
err
=
c
.
acmeClient
.
RenewCertificate
(
certMeta
,
true
)
newCertMeta
,
err
=
c
.
acmeClient
.
RenewCertificate
(
certMeta
,
true
,
c
.
config
.
MustStaple
)
acmeMu
.
Unlock
()
acmeMu
.
Unlock
()
namesObtaining
.
Remove
([]
string
{
name
})
namesObtaining
.
Remove
([]
string
{
name
})
if
err
==
nil
{
if
err
==
nil
{
...
...
caddytls/config.go
View file @
53e11780
...
@@ -105,6 +105,9 @@ type Config struct {
...
@@ -105,6 +105,9 @@ type Config struct {
// The state needed to operate on-demand TLS
// The state needed to operate on-demand TLS
OnDemandState
OnDemandState
OnDemandState
OnDemandState
// Add the must staple TLS extension to the CSR generated by lego/acme
MustStaple
bool
}
}
// OnDemandState contains some state relevant for providing
// OnDemandState contains some state relevant for providing
...
...
caddytls/setup.go
View file @
53e11780
...
@@ -164,6 +164,8 @@ func setupTLS(c *caddy.Controller) error {
...
@@ -164,6 +164,8 @@ func setupTLS(c *caddy.Controller) error {
return
c
.
Errf
(
"Unsupported Storage provider '%s'"
,
args
[
0
])
return
c
.
Errf
(
"Unsupported Storage provider '%s'"
,
args
[
0
])
}
}
config
.
StorageProvider
=
args
[
0
]
config
.
StorageProvider
=
args
[
0
]
case
"muststaple"
:
config
.
MustStaple
=
true
default
:
default
:
return
c
.
Errf
(
"Unknown keyword '%s'"
,
c
.
Val
())
return
c
.
Errf
(
"Unknown keyword '%s'"
,
c
.
Val
())
}
}
...
...
caddytls/setup_test.go
View file @
53e11780
...
@@ -103,6 +103,7 @@ func TestSetupParseWithOptionalParams(t *testing.T) {
...
@@ -103,6 +103,7 @@ func TestSetupParseWithOptionalParams(t *testing.T) {
params
:=
`tls `
+
certFile
+
` `
+
keyFile
+
` {
params
:=
`tls `
+
certFile
+
` `
+
keyFile
+
` {
protocols tls1.0 tls1.2
protocols tls1.0 tls1.2
ciphers RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
ciphers RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
muststaple
}`
}`
cfg
:=
new
(
Config
)
cfg
:=
new
(
Config
)
RegisterConfigGetter
(
""
,
func
(
c
*
caddy
.
Controller
)
*
Config
{
return
cfg
})
RegisterConfigGetter
(
""
,
func
(
c
*
caddy
.
Controller
)
*
Config
{
return
cfg
})
...
@@ -124,6 +125,10 @@ func TestSetupParseWithOptionalParams(t *testing.T) {
...
@@ -124,6 +125,10 @@ func TestSetupParseWithOptionalParams(t *testing.T) {
if
len
(
cfg
.
Ciphers
)
-
1
!=
3
{
if
len
(
cfg
.
Ciphers
)
-
1
!=
3
{
t
.
Errorf
(
"Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v"
,
len
(
cfg
.
Ciphers
)
-
1
)
t
.
Errorf
(
"Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v"
,
len
(
cfg
.
Ciphers
)
-
1
)
}
}
if
!
cfg
.
MustStaple
{
t
.
Errorf
(
"Expected must staple to be true"
)
}
}
}
func
TestSetupDefaultWithOptionalParams
(
t
*
testing
.
T
)
{
func
TestSetupDefaultWithOptionalParams
(
t
*
testing
.
T
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment