author | David Manouchehri <manouchehri@riseup.net> | 2022-09-16 16:05:37 -0400 |
committer | GitHub <noreply@github.com> | 2022-09-16 14:05:37 -0600 |
commit | 616418281b49ed1052ee395b674d8df97c820b11 (patch) | |
tree | b7bfa98865f9dc283a199cad2db2f774522d084d /caddyconfig/httpcaddyfile | |
parent | 74547f5bedafcb59fc25f14b43301f33a40f9416 (diff) |
caddyhttp: Support TLS key logging for debugging (#4808)
* Add SSL key logging.
* Resolve merge conflict with master
* Add Caddyfile support; various fixes
* Also commit go.mod and go.sum, oops
* Appease linter
* Minor tweaks
* Add doc comment
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 67 | ||||
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 14 |
2 files changed, 42 insertions, 39 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 103b7a1..7f23fd5 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -53,8 +53,7 @@ func init() {
 
 // parseBind parses the bind directive. Syntax:
 //
-// bind <addresses...>
-//
+// bind <addresses...>
 func parseBind(h Helper) ([]ConfigValue, error) {
 var lnHosts []string
 for h.Next() {
@@ -65,28 +64,28 @@ func parseBind(h Helper) ([]ConfigValue, error) {
 
 // parseTLS parses the tls directive. Syntax:
 //
-// tls [<email>|internal]|[<cert_file> <key_file>] {
-// protocols <min> [<max>]
-// ciphers <cipher_suites...>
-// curves <curves...>
-// client_auth {
-// mode [request|require|verify_if_given|require_and_verify]
-// trusted_ca_cert <base64_der>
-// trusted_ca_cert_file <filename>
-// trusted_leaf_cert <base64_der>
-// trusted_leaf_cert_file <filename>
-// }
-// alpn <values...>
-// load <paths...>
-// ca <acme_ca_endpoint>
-// ca_root <pem_file>
-// dns <provider_name> [...]
-// on_demand
-// eab <key_id> <mac_key>
-// issuer <module_name> [...]
-// get_certificate <module_name> [...]
-// }
-//
+// tls [<email>|internal]|[<cert_file> <key_file>] {
+// protocols <min> [<max>]
+// ciphers <cipher_suites...>
+// curves <curves...>
+// client_auth {
+// mode [request|require|verify_if_given|require_and_verify]
+// trusted_ca_cert <base64_der>
+// trusted_ca_cert_file <filename>
+// trusted_leaf_cert <base64_der>
+// trusted_leaf_cert_file <filename>
+// }
+// alpn <values...>
+// load <paths...>
+// ca <acme_ca_endpoint>
+// ca_root <pem_file>
+// dns <provider_name> [...]
+// on_demand
+// eab <key_id> <mac_key>
+// issuer <module_name> [...]
+// get_certificate <module_name> [...]
+// insecure_secrets_log <log_file>
+// }
 func parseTLS(h Helper) ([]ConfigValue, error) {
 cp := new(caddytls.ConnectionPolicy)
 var fileLoader caddytls.FileLoader
@@ -396,6 +395,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 }
 onDemand = true
 
+ case "insecure_secrets_log":
+ if !h.NextArg() {
+ return nil, h.ArgErr()
+ }
+ cp.InsecureSecretsLog = h.Val()
+
 default:
 return nil, h.Errf("unknown subdirective: %s", h.Val())
 }
@@ -516,8 +521,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
 
 // parseRoot parses the root directive. Syntax:
 //
-// root [<matcher>] <path>
-//
+// root [<matcher>] <path>
 func parseRoot(h Helper) (caddyhttp.MiddlewareHandler, error) {
 var root string
 for h.Next() {
@@ -695,12 +699,11 @@ func parseHandleErrors(h Helper) ([]ConfigValue, error) {
 
 // parseLog parses the log directive. Syntax:
 //
-// log {
-// output <writer_module> ...
-// format <encoder_module> ...
-// level <level>
-// }
-//
+// log {
+// output <writer_module> ...
+// format <encoder_module> ...
+// level <level>
+// }
 func parseLog(h Helper) ([]ConfigValue, error) {
 return parseLogHelper(h, nil)
 }
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index c41e8bc..1775c93 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -421,13 +421,13 @@ func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ any) (any, error) {
 
 // parseLogOptions parses the global log option. Syntax:
 //
-// log [name] {
-// output <writer_module> ...
-// format <encoder_module> ...
-// level <level>
-// include <namespaces...>
-// exclude <namespaces...>
-// }
+// log [name] {
+// output <writer_module> ...
+// format <encoder_module> ...
+// level <level>
+// include <namespaces...>
+// exclude <namespaces...>
+// }
 //
 // When the name argument is unspecified, this directive modifies the default
 // logger. |
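Review bot: In the new `insecure_secrets_log` case, `h.NextArg()` consumes exactly one token and nothing checks for leftovers, so `insecure_secrets_log /path extra` is accepted with `extra` silently dropped, whereas the `on_demand` case directly above rejects any surplus argument. A minimal fix is to add `if h.NextArg() { return nil, h.ArgErr() }` after `cp.InsecureSecretsLog = h.Val()`, or to read the value with `args := h.RemainingArgs()` and require `len(args) == 1` before assigning `args[0]`. Given the commit title, the value presumably names a file that will receive TLS session keys, so the one-line syntax entry added to parseTLS's header comment in the earlier hunk (`insecure_secrets_log <log_file>`) would be clearer with a short follow-up sentence stating that it is a debugging aid and that anyone able to read that file can decrypt captured traffic. parseTLS begins and ends outside this hunk.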