authorDavid Manouchehri <manouchehri@riseup.net>2022-09-16 16:05:37 -0400
committerGitHub <noreply@github.com>2022-09-16 14:05:37 -0600
commit616418281b49ed1052ee395b674d8df97c820b11 (patch)
treeb7bfa98865f9dc283a199cad2db2f774522d084d /caddyconfig
parent74547f5bedafcb59fc25f14b43301f33a40f9416 (diff)
caddyhttp: Support TLS key logging for debugging (#4808)
* Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go67
-rw-r--r--caddyconfig/httpcaddyfile/options.go14
2 files changed, 42 insertions, 39 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 103b7a1..7f23fd5 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -53,8 +53,7 @@ func init() {
// parseBind parses the bind directive. Syntax:
//
-// bind <addresses...>
-//
+// bind <addresses...>
func parseBind(h Helper) ([]ConfigValue, error) {
var lnHosts []string
for h.Next() {
@@ -65,28 +64,28 @@ func parseBind(h Helper) ([]ConfigValue, error) {
// parseTLS parses the tls directive. Syntax:
//
-// tls [<email>|internal]|[<cert_file> <key_file>] {
-// protocols <min> [<max>]
-// ciphers <cipher_suites...>
-// curves <curves...>
-// client_auth {
-// mode [request|require|verify_if_given|require_and_verify]
-// trusted_ca_cert <base64_der>
-// trusted_ca_cert_file <filename>
-// trusted_leaf_cert <base64_der>
-// trusted_leaf_cert_file <filename>
-// }
-// alpn <values...>
-// load <paths...>
-// ca <acme_ca_endpoint>
-// ca_root <pem_file>
-// dns <provider_name> [...]
-// on_demand
-// eab <key_id> <mac_key>
-// issuer <module_name> [...]
-// get_certificate <module_name> [...]
-// }
-//
+// tls [<email>|internal]|[<cert_file> <key_file>] {
+// protocols <min> [<max>]
+// ciphers <cipher_suites...>
+// curves <curves...>
+// client_auth {
+// mode [request|require|verify_if_given|require_and_verify]
+// trusted_ca_cert <base64_der>
+// trusted_ca_cert_file <filename>
+// trusted_leaf_cert <base64_der>
+// trusted_leaf_cert_file <filename>
+// }
+// alpn <values...>
+// load <paths...>
+// ca <acme_ca_endpoint>
+// ca_root <pem_file>
+// dns <provider_name> [...]
+// on_demand
+// eab <key_id> <mac_key>
+// issuer <module_name> [...]
+// get_certificate <module_name> [...]
+// insecure_secrets_log <log_file>
+// }
func parseTLS(h Helper) ([]ConfigValue, error) {
cp := new(caddytls.ConnectionPolicy)
var fileLoader caddytls.FileLoader
@@ -396,6 +395,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
}
onDemand = true
+ case "insecure_secrets_log":
+ if !h.NextArg() {
+ return nil, h.ArgErr()
+ }
+ cp.InsecureSecretsLog = h.Val()
+
default:
return nil, h.Errf("unknown subdirective: %s", h.Val())
}
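Review bot: The new `insecure_secrets_log` case stores the operator-supplied path with `cp.InsecureSecretsLog = h.Val()` and no comment on what that file will contain, so a reader of the parser only has the subdirective name to go on. A why-comment above the case would make the risk explicit to whoever next touches this code: `// insecure_secrets_log: <log_file> receives the TLS session secrets of every connection under this policy; anyone able to read the file can decrypt captured traffic, so it is meant for debugging only.` The case also accepts only the presence of one argument; if the sibling subdirectives in parseTLS reject trailing tokens, this one should too, e.g. `if h.NextArg() { return nil, h.ArgErr() }` after reading the value — I cannot confirm that convention from this hunk alone. parseTLS begins and ends outside the hunk.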
@@ -516,8 +521,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
// parseRoot parses the root directive. Syntax:
//
-// root [<matcher>] <path>
-//
+// root [<matcher>] <path>
func parseRoot(h Helper) (caddyhttp.MiddlewareHandler, error) {
var root string
for h.Next() {
@@ -695,12 +699,11 @@ func parseHandleErrors(h Helper) ([]ConfigValue, error) {
// parseLog parses the log directive. Syntax:
//
-// log {
-// output <writer_module> ...
-// format <encoder_module> ...
-// level <level>
-// }
-//
+// log {
+// output <writer_module> ...
+// format <encoder_module> ...
+// level <level>
+// }
func parseLog(h Helper) ([]ConfigValue, error) {
return parseLogHelper(h, nil)
}
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index c41e8bc..1775c93 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -421,13 +421,13 @@ func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ any) (any, error) {
// parseLogOptions parses the global log option. Syntax:
//
-// log [name] {
-// output <writer_module> ...
-// format <encoder_module> ...
-// level <level>
-// include <namespaces...>
-// exclude <namespaces...>
-// }
+// log [name] {
+// output <writer_module> ...
+// format <encoder_module> ...
+// level <level>
+// include <namespaces...>
+// exclude <namespaces...>
+// }
//
// When the name argument is unspecified, this directive modifies the default
// logger.