Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
caddy
Commits
cf69d190
Commit
cf69d190
authored
Apr 01, 2016
by
elcore
Committed by
Eldin Hadzic
Apr 02, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
A new feature for the "tls" directive
parent
8a2f2f8d
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
49 additions
and
1 deletion
+49
-1
caddy/https/https.go
caddy/https/https.go
+1
-1
caddy/https/setup.go
caddy/https/setup.go
+21
-0
caddy/https/setup_test.go
caddy/https/setup_test.go
+27
-0
No files found.
caddy/https/https.go
View file @
cf69d190
...
@@ -404,7 +404,7 @@ const AlternatePort = "5033"
...
@@ -404,7 +404,7 @@ const AlternatePort = "5033"
// KeyType is the type to use for new keys.
// KeyType is the type to use for new keys.
// This shouldn't need to change except for in tests;
// This shouldn't need to change except for in tests;
// the size can be drastically reduced for speed.
// the size can be drastically reduced for speed.
var
KeyType
=
acme
.
EC384
var
KeyType
acme
.
KeyType
// stopChan is used to signal the maintenance goroutine
// stopChan is used to signal the maintenance goroutine
// to terminate.
// to terminate.
...
...
caddy/https/setup.go
View file @
cf69d190
...
@@ -14,6 +14,7 @@ import (
...
@@ -14,6 +14,7 @@ import (
"github.com/mholt/caddy/caddy/setup"
"github.com/mholt/caddy/caddy/setup"
"github.com/mholt/caddy/middleware"
"github.com/mholt/caddy/middleware"
"github.com/mholt/caddy/server"
"github.com/mholt/caddy/server"
"github.com/xenolf/lego/acme"
)
)
// Setup sets up the TLS configuration and installs certificates that
// Setup sets up the TLS configuration and installs certificates that
...
@@ -51,6 +52,13 @@ func Setup(c *setup.Controller) (middleware.Middleware, error) {
...
@@ -51,6 +52,13 @@ func Setup(c *setup.Controller) (middleware.Middleware, error) {
for
c
.
NextBlock
()
{
for
c
.
NextBlock
()
{
hadBlock
=
true
hadBlock
=
true
switch
c
.
Val
()
{
switch
c
.
Val
()
{
case
"key_type"
:
arg
:=
c
.
RemainingArgs
()
value
,
ok
:=
supportedKeyTypes
[
strings
.
ToUpper
(
arg
[
0
])]
if
!
ok
{
return
nil
,
c
.
Errf
(
"Wrong KeyType name or KeyType not supported '%s'"
,
c
.
Val
())
}
KeyType
=
value
case
"protocols"
:
case
"protocols"
:
args
:=
c
.
RemainingArgs
()
args
:=
c
.
RemainingArgs
()
if
len
(
args
)
!=
2
{
if
len
(
args
)
!=
2
{
...
@@ -220,6 +228,10 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
...
@@ -220,6 +228,10 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
// port to 443 if not already set, TLS is enabled, TLS is manual, and the host
// port to 443 if not already set, TLS is enabled, TLS is manual, and the host
// does not equal localhost.
// does not equal localhost.
func
setDefaultTLSParams
(
c
*
server
.
Config
)
{
func
setDefaultTLSParams
(
c
*
server
.
Config
)
{
if
KeyType
==
""
{
KeyType
=
acme
.
RSA2048
}
// If no ciphers provided, use default list
// If no ciphers provided, use default list
if
len
(
c
.
TLS
.
Ciphers
)
==
0
{
if
len
(
c
.
TLS
.
Ciphers
)
==
0
{
c
.
TLS
.
Ciphers
=
defaultCiphers
c
.
TLS
.
Ciphers
=
defaultCiphers
...
@@ -247,6 +259,15 @@ func setDefaultTLSParams(c *server.Config) {
...
@@ -247,6 +259,15 @@ func setDefaultTLSParams(c *server.Config) {
}
}
}
}
// Map of supported key types
var
supportedKeyTypes
=
map
[
string
]
acme
.
KeyType
{
"EC384"
:
acme
.
EC384
,
"EC256"
:
acme
.
EC256
,
"RSA8192"
:
acme
.
RSA8192
,
"RSA4096"
:
acme
.
RSA4096
,
"RSA2048"
:
acme
.
RSA2048
,
}
// Map of supported protocols.
// Map of supported protocols.
// SSLv3 will be not supported in future release.
// SSLv3 will be not supported in future release.
// HTTP/2 only supports TLS 1.2 and higher.
// HTTP/2 only supports TLS 1.2 and higher.
...
...
caddy/https/setup_test.go
View file @
cf69d190
...
@@ -8,6 +8,7 @@ import (
...
@@ -8,6 +8,7 @@ import (
"testing"
"testing"
"github.com/mholt/caddy/caddy/setup"
"github.com/mholt/caddy/caddy/setup"
"github.com/xenolf/lego/acme"
)
)
func
TestMain
(
m
*
testing
.
M
)
{
func
TestMain
(
m
*
testing
.
M
)
{
...
@@ -170,6 +171,16 @@ func TestSetupParseWithWrongOptionalParams(t *testing.T) {
...
@@ -170,6 +171,16 @@ func TestSetupParseWithWrongOptionalParams(t *testing.T) {
if
err
==
nil
{
if
err
==
nil
{
t
.
Errorf
(
"Expected errors, but no error returned"
)
t
.
Errorf
(
"Expected errors, but no error returned"
)
}
}
// Test key_type wrong params
params
=
`tls {
key_type ab123
}`
c
=
setup
.
NewTestController
(
params
)
_
,
err
=
Setup
(
c
)
if
err
==
nil
{
t
.
Errorf
(
"Expected errors, but no error returned"
)
}
}
}
func
TestSetupParseWithClientAuth
(
t
*
testing
.
T
)
{
func
TestSetupParseWithClientAuth
(
t
*
testing
.
T
)
{
...
@@ -203,6 +214,22 @@ func TestSetupParseWithClientAuth(t *testing.T) {
...
@@ -203,6 +214,22 @@ func TestSetupParseWithClientAuth(t *testing.T) {
}
}
}
}
func
TestSetupParseWithKeyType
(
t
*
testing
.
T
)
{
params
:=
`tls {
key_type ec384
}`
c
:=
setup
.
NewTestController
(
params
)
_
,
err
:=
Setup
(
c
)
if
err
!=
nil
{
t
.
Errorf
(
"Expected no errors, got: %v"
,
err
)
}
if
KeyType
!=
acme
.
EC384
{
t
.
Errorf
(
"Expected 'P384' as KeyType, got %#v"
,
KeyType
)
}
}
const
(
const
(
certFile
=
"test_cert.pem"
certFile
=
"test_cert.pem"
keyFile
=
"test_key.pem"
keyFile
=
"test_key.pem"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment