From b8cba62643abf849411856bd92c42b59b98779f4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 6 Mar 2020 23:15:25 -0700 Subject: Refactor for CertMagic v0.10; prepare for PKI app This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries. --- modules/caddytls/values.go | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) (limited to 'modules/caddytls/values.go') diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go index 21a6b33..40b0de0 100644 --- a/modules/caddytls/values.go +++ b/modules/caddytls/values.go @@ -17,8 +17,9 @@ package caddytls import ( "crypto/tls" "crypto/x509" + "fmt" - "github.com/go-acme/lego/v3/certcrypto" + "github.com/caddyserver/certmagic" "github.com/klauspost/cpuid" ) @@ -101,11 +102,12 @@ var SupportedCurves = map[string]tls.CurveID{ // supportedCertKeyTypes is all the key types that are supported // for certificates that are obtained through ACME. -var supportedCertKeyTypes = map[string]certcrypto.KeyType{ - "rsa_2048": certcrypto.RSA2048, - "rsa_4096": certcrypto.RSA4096, - "ec_p256": certcrypto.EC256, - "ec_p384": certcrypto.EC384, +var supportedCertKeyTypes = map[string]certmagic.KeyType{ + "rsa2048": certmagic.RSA2048, + "rsa4096": certmagic.RSA4096, + "p256": certmagic.P256, + "p384": certmagic.P384, + "ed25519": certmagic.ED25519, } // defaultCurves is the list of only the curves we want to use 
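Review bot: In the `@@ -101,11 +102,12 @@` hunk, `supportedCertKeyTypes` gains `"ed25519"` while its doc comment still says these are the key types for certificates obtained through ACME, yet publicly trusted ACME CAs such as Let's Encrypt do not, to my knowledge, issue Ed25519 leaf certificates, so an operator who selects it against a public CA will presumably see issuance fail at runtime rather than a config-time error. Since the commit message names the upcoming PKI app as the intended consumer, a caveat on the entry would prevent that surprise: `"ed25519": certmagic.ED25519, // not issued by public ACME CAs (e.g. Let's Encrypt); intended for internal/PKI use`. The renamed keys (`"rsa_2048"` → `"rsa2048"`, `"ec_p256"` → `"p256"`) silently invalidate existing configs; if the config loader does not already reject an unknown key type with a clear error, the old names should be called out in the release notes the commit promises.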
@@ -127,9 +129,36 @@ var SupportedProtocols = map[string]uint16{ "tls1.3": tls.VersionTLS13, } +// unsupportedProtocols is a map of unsupported protocols. +// Used for logging only, not enforcement. +var unsupportedProtocols = map[string]uint16{ + "ssl3.0": tls.VersionSSL30, + "tls1.0": tls.VersionTLS10, + "tls1.1": tls.VersionTLS11, +} + // publicKeyAlgorithms is the map of supported public key algorithms. var publicKeyAlgorithms = map[string]x509.PublicKeyAlgorithm{ "rsa": x509.RSA, "dsa": x509.DSA, "ecdsa": x509.ECDSA, } + +// ProtocolName returns the standard name for the passed protocol version ID +// (e.g. "TLS1.3") or a fallback representation of the ID value if the version +// is not supported. +func ProtocolName(id uint16) string { + for k, v := range SupportedProtocols { + if v == id { + return k + } + } + + for k, v := range unsupportedProtocols { + if v == id { + return k + } + } + + return fmt.Sprintf("0x%04x", id) +} -- cgit v1.2.3
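Review bot: The doc comment on `ProtocolName` gives the example `"TLS1.3"`, but every key in `SupportedProtocols` and `unsupportedProtocols` is lowercase, so the function actually returns `"tls1.3"`; change the comment to `// (e.g. "tls1.3") or a fallback representation of the ID value if the version`. The reverse lookup also relies on no two keys in either map sharing a version value, because Go map iteration order is random and a duplicate would make the returned name nondeterministic; a one-line comment stating that invariant would help whoever later adds an alias. Separately, `tls.VersionSSL30` is marked deprecated in the Go standard library (since Go 1.13, as far as I recall), so staticcheck will flag that entry even though the comment correctly limits the map to logging, not enforcement; a literal `0x0300` with a comment avoids the warning and survives removal of the constant.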