summaryrefslogtreecommitdiff
path: root/modules/caddytls
AgeCommit message (Collapse)Author
2019-09-24tls/acme: Ability to customize trusted roots for ACME servers (#2756)Matt Holt
Closes #2702
2019-09-17tls: Clean up expired OCSP staples and certificatesMatthew Holt
2019-09-14Eliminate some TODOsMatthew Holt
2019-09-13http: Consider wildcards when evaluating automatic HTTPSMatthew Holt
2019-09-12tls: Do away with SetDefaults which did nothing usefulMatthew Holt
CertMagic uses the same defaults for us
2019-09-12go.mod: Use lego v3 and CertMagic 0.7.0Matthew Holt
2019-09-11tls: Remove support for TLS 1.0 and TLS 1.1Matthew Holt
2019-09-11tls: Use Let's Encrypt production endpointMatthew Holt
We're done testing this in staging
2019-09-10Require Go 1.13; use Go 1.13's default support for TLS 1.3Matthew Holt
2019-09-03Initial implementation of TLS client authentication (#2731)Alexandre Stein
* Add support for client TLS authentication Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com> * make and use client authentication struct * force StrictSNIHost if TLSConnPolicies is not empty * Implement leafs verification * Fixes issue when using multiple verification * applies the comments from maintainers * Apply comment * Refactor/cleanup initial TLS client auth implementation
2019-08-21Refactor Caddyfile adapter and module registrationMatthew Holt
Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-09Implement config adapters and beginning of Caddyfile adapterMatthew Holt
Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-07-18tls: Use IANA-standard cipher suite namesMatthew Holt
2019-07-18Fix DNS provider module unmarshaling (closes #2676)Matthew Holt
2019-07-05acmemanager: Use storage module key "module" instead of "system"Matthew Holt
2019-07-02go.mod: Append /v2 to module name; update all import pathsMatthew Holt
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-07-01tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structsMatthew Holt
2019-06-30Add licenseMatthew Holt
2019-06-26Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanupMatthew Holt
We should look into a way to enable this by default when TLS client auth is configured for a server
2019-06-24caddytls: Support tags for manually-loaded certificatesMatthew Holt
2019-06-21OopsMatthew Holt
2019-06-20tls: Improve (and fix) on-demand configurationMatthew Holt
2019-06-18Implement templates handler; various minor cleanups and bug fixesMatthew Holt
2019-06-14Rename caddy2 -> caddyMatthew Holt
Removes the version from the package name
2019-06-04Fix bugs related to auto HTTPS and alternate port configurationsMatthew Holt
2019-06-04Change import paths to GitHub package namesMatthew Holt
2019-06-03Customize admin endpoint address with -listen flagMatthew Holt
This is a temporary holdover for development purposes
2019-05-29Implement session ticket keys; default STEK module with rotationMatthew Holt
2019-05-28Minor cleanupsMatthew Holt
2019-05-27Separate out certificate selectionMatthew Holt
2019-05-24Implement custom cert selection policies; optimize matching for SNIMatthew Holt
2019-05-21Honor the configured CA valueMatthew Holt
2019-05-21Module.New() does not need to return an errorMatthew Holt
2019-05-16Architectural shift to using context for config and module stateMatthew Holt
2019-05-14Rename and export some types, other minor changesMatthew Holt
2019-05-07Remove (unimplemented) enterprise TLS matchersMatthew Holt
2019-04-29Instantiate apps that are needed but not explicitly configuredMatthew Holt
2019-04-26General cleanup and more godocsMatthew Holt
2019-04-25Initial commit of Storage, TLS, and automatic HTTPS implementationsMatthew Holt