summaryrefslogtreecommitdiff
path: root/modules/caddytls/connpolicy.go
AgeCommit message (Collapse)Author
2020-03-17httpcaddyfile: Many tls-related improvements including on-demand supportMatthew Holt
Holy heck this was complicated
2020-03-13Some hotfixes for beta 16Matthew Holt
2020-03-08caddytls: customizable client auth modes (#2913)evtr
* ability to specify that client cert must be present in SSL * changed the clientauthtype to string and make room for the values supported by go as in caddy1 * renamed the config parameter according to review comments and added documentation on allowed values * missed a reference * Minor cleanup; docs enhancements Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-02-03v2: only compare TLS protocol versions if both are set (#3005)Mohammed Al Sahaf
2020-01-03v2: housekeeping: address minor lint complaints (#2957)Mohammed Al Sahaf
* v2: housekeeping: update tools * v2: housekeeping: adhere to US locale in spelling * v2: housekeeping: simplify code
2019-12-28http: Enable TLS for servers listening only on HTTPS portMatthew Holt
It seems silly to have to add a single, empty TLS connection policy to a server to enable TLS when it's only listening on the HTTPS port. We now do this for the user as part of automatic HTTPS (thus, it can be disabled / overridden). See https://caddy.community/t/v2-catch-all-server-with-automatic-tls/6692/2?u=matt
2019-12-10v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924)Matt Holt
This commit goes a long way toward making automated documentation of Caddy config and Caddy modules possible. It's a broad, sweeping change, but mostly internal. It allows us to automatically generate docs for all Caddy modules (including future third-party ones) and make them viewable on a web page; it also doubles as godoc comments. As such, this commit makes significant progress in migrating the docs from our temporary wiki page toward our new website which is still under construction. With this change, all host modules will use ctx.LoadModule() and pass in both the struct pointer and the field name as a string. This allows the reflect package to read the struct tag from that field so that it can get the necessary information like the module namespace and the inline key. This has the nice side-effect of unifying the code and documentation. It also simplifies module loading, and handles several variations on field types for raw module fields (i.e. variations on json.RawMessage, such as arrays and maps). I also renamed ModuleInfo.Name -> ModuleInfo.ID, to make it clear that the ID is the "full name" which includes both the module namespace and the name. This clarity is helpful when describing module hierarchy. As of this change, Caddy modules are no longer an experimental design. I think the architecture is good enough to go forward.
2019-09-30tls: Change struct fields to pointers, add nil checks; rate.Burst updateMatthew Holt
Making them pointers makes for cleaner JSON when adapting configs, if the struct is empty now it will be omitted entirely. The x/time/rate package was updated to support changing the burst, so we've incorporated that here and removed a TODO.
2019-09-14Eliminate some TODOsMatthew Holt
2019-09-12go.mod: Use lego v3 and CertMagic 0.7.0Matthew Holt
2019-09-03Initial implementation of TLS client authentication (#2731)Alexandre Stein
* Add support for client TLS authentication Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com> * make and use client authentication struct * force StrictSNIHost if TLSConnPolicies is not empty * Implement leafs verification * Fixes issue when using multiple verification * applies the comments from maintainers * Apply comment * Refactor/cleanup initial TLS client auth implementation
2019-08-09Implement config adapters and beginning of Caddyfile adapterMatthew Holt
Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-07-02go.mod: Append /v2 to module name; update all import pathsMatthew Holt
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-07-01tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structsMatthew Holt
2019-06-30Add licenseMatthew Holt
2019-06-20tls: Improve (and fix) on-demand configurationMatthew Holt
2019-06-14Rename caddy2 -> caddyMatthew Holt
Removes the version from the package name
2019-06-04Change import paths to GitHub package namesMatthew Holt
2019-05-29Implement session ticket keys; default STEK module with rotationMatthew Holt
2019-05-28Minor cleanupsMatthew Holt
2019-05-27Separate out certificate selectionMatthew Holt
2019-05-24Implement custom cert selection policies; optimize matching for SNIMatthew Holt
2019-05-16Architectural shift to using context for config and module stateMatthew Holt
2019-05-14Rename and export some types, other minor changesMatthew Holt
2019-04-29Instantiate apps that are needed but not explicitly configuredMatthew Holt
2019-04-25Initial commit of Storage, TLS, and automatic HTTPS implementationsMatthew Holt