From 616418281b49ed1052ee395b674d8df97c820b11 Mon Sep 17 00:00:00 2001 From: David Manouchehri Date: Fri, 16 Sep 2022 16:05:37 -0400 Subject: caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/builtins.go | 67 ++++++++++++++++++----------------- caddyconfig/httpcaddyfile/options.go | 14 ++++---- 2 files changed, 42 insertions(+), 39 deletions(-) (limited to 'caddyconfig') diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 103b7a1..7f23fd5 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -53,8 +53,7 @@ func init() { // parseBind parses the bind directive. Syntax: // -// bind -// +// bind func parseBind(h Helper) ([]ConfigValue, error) { var lnHosts []string for h.Next() { 
@@ -65,28 +64,28 @@ func parseBind(h Helper) ([]ConfigValue, error) { // parseTLS parses the tls directive. Syntax: // -// tls [|internal]|[ ] { -// protocols [] -// ciphers -// curves -// client_auth { -// mode [request|require|verify_if_given|require_and_verify] -// trusted_ca_cert -// trusted_ca_cert_file -// trusted_leaf_cert -// trusted_leaf_cert_file -// } -// alpn -// load -// ca -// ca_root -// dns [...] -// on_demand -// eab -// issuer [...] -// get_certificate [...] -// } -// +// tls [|internal]|[ ] { +// protocols [] +// ciphers +// curves +// client_auth { +// mode [request|require|verify_if_given|require_and_verify] +// trusted_ca_cert +// trusted_ca_cert_file +// trusted_leaf_cert +// trusted_leaf_cert_file +// } +// alpn +// load +// ca +// ca_root +// dns [...] +// on_demand +// eab +// issuer [...] +// get_certificate [...] +// insecure_secrets_log +// } func parseTLS(h Helper) ([]ConfigValue, error) { cp := new(caddytls.ConnectionPolicy) var fileLoader caddytls.FileLoader @@ -396,6 +395,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } onDemand = true + case "insecure_secrets_log": + if !h.NextArg() { + return nil, h.ArgErr() + } + cp.InsecureSecretsLog = h.Val() + default: return nil, h.Errf("unknown subdirective: %s", h.Val()) } @@ -516,8 +521,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { // parseRoot parses the root directive. Syntax: // -// root [] -// +// root [] func parseRoot(h Helper) (caddyhttp.MiddlewareHandler, error) { var root string for h.Next() { @@ -695,12 +699,11 @@ func parseHandleErrors(h Helper) ([]ConfigValue, error) { // parseLog parses the log directive. Syntax: // -// log { -// output ... -// format ... -// level -// } -// +// log { +// output ... +// format ... +// level +// } func parseLog(h Helper) ([]ConfigValue, error) { return parseLogHelper(h, nil) } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index c41e8bc..1775c93 100644 
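Review bot: The new `insecure_secrets_log` case in parseTLS copies `h.Val()` straight into `cp.InsecureSecretsLog` with no comment saying what the file will hold, although this option causes TLS session secrets to be written to disk. Add a comment above the case, such as `// Debugging only: the named file receives TLS session secrets; anyone who can read it can decrypt captured traffic for these connections.` A trailing argument is also not rejected in this case. Depending on the loop outside the hunk, it would probably be read as the next subdirective, so `if h.NextArg() { return nil, h.ArgErr() }` after the assignment would give a clearer error. How the file is opened (location, permissions) is not visible here because the diff is limited to caddyconfig, so confirm that it is created owner-readable only and that enabling the option is logged at startup. parseTLS begins and ends outside this hunk.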
--- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -421,13 +421,13 @@ func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ any) (any, error) { // parseLogOptions parses the global log option. Syntax: // -// log [name] { -// output ... -// format ... -// level -// include -// exclude -// } +// log [name] { +// output ... +// format ... +// level +// include +// exclude +// } // // When the name argument is unspecified, this directive modifies the default // logger. -- cgit v1.2.3