| Age | Commit message (Collapse) | Author |
|---|
|
* reading client certificate config from Caddyfile
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* Update caddyconfig/httpcaddyfile/builtins.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* added adapt test for parsing client certificate configuration from Caddyfile
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* Update modules/caddytls/connpolicy.go
* Make review adjustments
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* caddyfile: Add support for args on imports
* caddyfile: Add more import args tests
|
|
* caddyconfig: WIP implementation of handle_path
* caddyconfig: Complete the implementation - h.NewRoute was key
* caddyconfig: Add handle_path integration test
* caddyhttp: Use the path matcher as-is, strip the trailing *, update test
|
|
|
|
* fastcgi: Add new php_fastcgi subdirectives to override the shortcut
* fastcgi: Support "index off" to disable redir and try_files
* fastcgi: Remove whitespace to satisfy linter
* fastcgi: Run gofmt
* fastcgi: Make a new dispenser instead of using rewind
* fastcgi: Some fmt
* fastcgi: Add a couple adapt tests
* fastcgi: Clean up for loops
* fastcgi: Move adapt tests to separate files
|
|
|
|
* httpcaddyfile: Add shorthands for parameterized placeholders
httpcaddyfile: Now with regexp instead
httpcaddyfile: Allow dashes, gofmt
httpcaddyfile: Compile regexp only once
httpcaddyfile: Cleanup struct
httpcaddyfile: Optimize the replacers, pull out of the loop
httpcaddyfile: Add `{port}` shorthand
* httpcaddyfile: Switch `r.` to `re.`
|
|
* caddy: Add support for `d` duration unit
* Improvements to ParseDuration; add unit tests
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
* httpcaddyfile: Make global options pluggable
* httpcaddyfile: Add a global options adapt test
* httpcaddyfile: Wrap err
Co-Authored-By: Dave Henderson <dhenderson@gmail.com>
* httpcaddyfile: Revert wrap err
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
|
|
|
|
* httpcaddyfile: Support single-line matchers
* httpcaddyfile: Add single-line matcher test
* httpcaddyfile: Add a matcher syntax adapt test
|
|
* refactored caddytest helpers
* added cookie jar support. Added support for more http verbs
|
|
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223)
* Account for HTTP port
* Add integration test written by @sarge
|
|
* add adaption tests. fix load failure not failing tests
* removed unnecessary assignment
|
|
Certificate selection used to be a module, but this seems unnecessary,
especially since the built-in CustomSelectionPolicy allows quite complex
selection logic on a number of fields in certs. If we need to extend
that logic, we can, but I don't think there are SO many possibilities
that we need modules.
This update also allows certificate selection to choose between multiple
matching certs based on client compatibility and makes a number of other
improvements in the default cert selection logic, both here and in the
latest CertMagic.
The hardest part of this was the conn policy consolidation logic
(Caddyfile only, of course). We have to merge connection policies that
we can easily combine, because if two certs are manually loaded in a
Caddyfile site block, that produces two connection policies, and each
cert is tagged with a different tag, meaning only the first would ever
be selected. So given the same matchers, we can merge the two, but this
required improving the Tag selection logic to support multiple tags to
choose from, hence "tags" changed to "any_tag" or "all_tags" (but we
use any_tag in our Caddyfile logic).
Combining conn policies with conflicting settings is impossible, so
that should return an error if two policies with the exact same matchers
have non-empty settings that are not the same (the one exception being
any_tag which we can merge because the logic for them is to OR them).
It was a bit complicated. It seems to work in numerous tests I've
conducted, but we'll see how it pans out in the release candidates.
|
|
* run caddy tests in process
* call main with run args
* exclude tests - windows
* include json example
* disable caddyfile tests, include json test with non trusted local ca
* converted SNI tests to json syntax
|
|
* added sni tests
* set the default sni when there is no host to match
* removed invalid sni test. Disabled tests that rely on host headers.
* readded SNI tests. Added logging of config load times
|
|
* add integration tests
* removed SNI test
* remove integration test condition
* minor edit
* fix sni when using static certificates
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
