summaryrefslogtreecommitdiff
path: root/go.sum
AgeCommit message (Collapse)Author
2020-12-09go.mod: Update CertMagic (fix #3911)Matthew Holt
2020-12-08go.mod: Upgrade some dependenciesMatthew Holt
2020-12-04go.mod: update quic-go to v0.19.3 (#3901)Marten Seemann
2020-11-22ci: Use golangci's github action for linting (#3794)Dave Henderson
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-21go.mod: update quic-go to v0.19.2 (#3880)Marten Seemann
2020-11-18reverseproxy: fix random hangs on http/2 requests with server push (#3875)Денис Телюх
see https://github.com/golang/go/issues/42534
2020-11-16caddytls: Support multiple issuers (#3862)Matt Holt
* caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-12caddytls: Support ACME alt cert chain preferencesMatthew Holt
2020-10-22go.mod: Update CertMagicMatthew Holt
2020-09-17go.mod: Upgrade dependenciesMatthew Holt
2020-09-17metrics: Initial integration of Prometheus metrics (#3709)Dave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2020-08-21caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)Matthew Holt
And #3391 Maybe also related: #3664
2020-08-20go.mod: Use v0.15(.1) of smallstep libsMatthew Holt
Update internal issuer for compatibility -- yay simpler code! The .1 version also fixes non-critical SAN extensions that caused trust issues on several clients.
2020-08-20ci: Upgrade to Go 1.15 (#3642)Francis Lavoie
* ci: Try Go 1.15 RC1 out of curiosity * Go 1.15 was released; let's try it * Update to latest quic-go * Attempt at fixing broken test Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-08go.mod: Bump CertMagicMatthew Holt
2020-08-06go.mod: Update some dependenciesMatthew Holt
We can't update smallstep/nosql and klauspost/cpuid yet because of upstream breakage.
2020-07-30caddytls: Replace lego with acmez (#3621)Matt Holt
* Replace lego with acmez; upgrade CertMagic * Update integration test
2020-07-20go.mod: Update quic-go, truststore, and goldmarkMatthew Holt
2020-07-06go.mod: Upgrade and downgrade smallstep, quic-go, and cpuidMatthew Holt
Closes #3537 and fixes #3535
2020-06-30cel: fix validation of expression result type (#3526)Mohammed Al Sahaf
* cel: fix validation of expression result type The earlier code used the proto.Equals from github.com/gogo/protobuf, which failed to compare two messages of the same type for some reason. Switching to proto.Equal from the canonical github.com/golang/protobuf fixes the issue. * deps: remove deprecated github.com/golang/protobuf in favor of google.golang.org/protobuf * downgrade github.com/smallstep/nosql to resolve warning pb.proto warning
2020-06-26go.mod: Minor dependency updatesMatthew Holt
2020-06-12go.mod: Update quic-go to 0.17.1 (draft 29) and certmagic 0.11.2 (eab)Matthew Holt
2020-06-11caddytls: Don't decode HMACMatthew Holt
https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
2020-06-05go.mod: Update dependenciesMatthew Holt
2020-06-01go.mod: Update dependenciesMatthew Holt
2020-05-21caddyhttp: Add time.now placeholder and update cel-go (closes #2594)Matthew Holt
2020-05-17go.mod: Update dependenciesMatthew Holt
Notably, this adds Caddyfile syntax highlighting in markdown rendering
2020-05-12all: Recover from panics in goroutinesMatthew Holt
2020-05-06Update dependencies and get rid of placeholder hacks in CA codeMatthew Holt
With the latest commit on smallstep/certificates, placeholders in config are no longer needed.
2020-05-05pki: Embedded ACME server (#3198)Matt Holt
* pki: Initial commit of embedded ACME server (#3021) * reverseproxy: Support auto-managed TLS client certificates (#3021) * A little cleanup after today's review session
2020-05-02caddytls: Finish upgrading to libdns DNS providers for ACME challengesMatthew Holt
Until we finish the migration to the new acme library, we have to bring the solver type in-house. It's small and temporary.
2020-05-01reverseproxy: Remove circuitbreaker module (see #3331)Matthew Holt
Moving to https://github.com/caddyserver/circuitbreaker Nobody was using it anyway -- it works well, but something got fumbled in a refactoring *months* ago. Turns out that we forgot the interface guards AND botched a method name (my bad) - Ok() should have been OK(). So it would always have thrown a runtime panic if it tried to be loaded. The module itself works well, but obviously nobody used it because nobody reported the error. Fixing this while we move it to the new repo. Removing this removes the last Bazaar/Launchpad dependency (I think).
2020-04-30go.mod: Remove DNSProviderMaker interface; update to lego 3.6Matthew Holt
2020-04-14go.mod: Update dependencies including CertMagic (fixes #3202)Matthew Holt
2020-04-09go.mod: Update certmagicMatthew Holt
2020-04-09go.mod: Try smallstep againMatthew Holt
See if the broken dependency cycle has been... well, broken
2020-04-09go.mod: Update smallstep/cliMatthew Holt
2020-04-09go.mod: Update dependenciesMatthew Holt
Should fix the builds with GOPROXY=direct!
2020-04-08caddyhttp: CEL matcher checks return type; slight refactorMatthew Holt
As per https://github.com/caddyserver/caddy/issues/3051#issuecomment-611200414
2020-04-03chore: add adapt tests. fix load failure not failing tests (#3222)Mark Sargent
* add adaption tests. fix load failure not failing tests * removed unnecessary assignment
2020-04-03go.mod: Update CertMagic (again) v0.10.10Matthew Holt
2020-04-03go.mod: Use latest Certmagic (v0.10.9)Matthew Holt
2020-04-03go.mod: Update CertMagic to v0.10.8Matthew Holt
Fixes occasional panic due to closing closed channel
2020-04-01caddytls: Refactor certificate selection policies (close #1575)Matthew Holt
Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-04-01go.mod: Update smallstep/truststoreMatthew Holt
So that installation continues if Firefox is not installed See https://github.com/smallstep/truststore/issues/3
2020-03-31caddytls: Add support for externalAccountBinding ACME extensionMatthew Holt
2020-03-26caddytls: Match automation policies by wildcard subjects tooMatthew Holt
https://caddy.community/t/wildcard-snis-not-being-matched/7271/24?u=matt Also use new CertMagic function for matching wildcard names
2020-03-24Remove some non-essential plugins from this repo (#2780)Matthew Holt
Brotli encoder, jsonc and json5 config adapters, and the unfinished HTTP cache handler are removed. They will be available in separate repos.
2020-03-20go.mod: Update some deps; add new Strings lib to CEL matcherMatthew Holt