Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
* caddyhttp: Escaping placeholders in CEL
* Simplify some of the test cases
* Implement vars and vars_regexp in CEL
* dupl lint is dumb
* Better consts for the placeholder CEL shortcut
* Bump CEL version, register a few extensions
* Refactor s390x test script for readability
* Add retries for s390x to smooth over flakiness
* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
|
|
|
|
|
|
* chore: build and test with Go 1.23
* ci: bump golangci-lint to v1.60
* fix: make properly wrap errors
* ci: remove Go 1.21
|
|
|
|
|
|
(#6485)
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support
* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
|
|
The latest tscert allows callers to provide a custom http.Transport for
calling Tailscale's local API.
Updates tailscale/caddy-tailscale#66
|
|
Fixes ARI errors reported here:
https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
|
|
|
|
Set the requested server name in a context value for CertGetter
implementations to use. Pass ctx to tscert.GetCertificateWithContext.
Signed-off-by: Will Norris <[email protected]>
|
|
* chore: downgrade minimum Go version in go.mod
* Upgrade certmagic and zerossl
---------
Co-authored-by: Matthew Holt <[email protected]>
|
|
Seeing if this assists with some Go tooling logic
|
|
|
|
|
|
* caddytls: Evict internal certs from cache based on issuer
During a config reload, we would keep certs in the cache fi they were used by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs.
This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.
* Make sure new TLS app manages configured certs
* Actually make it work
|
|
|
|
* Add option to configure certificate lifetime
* Bump CertMagic dep to latest master commit
* Apply suggestions and ran go mod tidy
* Update modules/caddytls/acmeissuer.go
Co-authored-by: Matt Holt <[email protected]>
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades
* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME
* Fix go.mod
* caddytls: Fix automation related to managers (fix #6060)
* Fix typo (appease linter)
* Fix HTTP validation with ZeroSSL API
|
|
|
|
|
|
* update quic-go to v0.42.0
* use a rate limiter to control QUIC source address verification
* Lint
* remove deprecated ListenQUIC
* remove number of requests tracking
* increase the number of handshakes before source address verification is needed
* remove references to request counters
* remove deprecated listen*
---------
Co-authored-by: Francis Lavoie <[email protected]>
Co-authored-by: WeidiDeng <[email protected]>
|
|
* upgrade to cel v0.20.0
* Attempt to address feedback and fix linter
* Let's try this
* Take that, you linter!
* Oh there's more
---------
Co-authored-by: Francis Lavoie <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: Tristan Swadell @TristonianJones
|
|
|
|
pluggable (#6050)
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module
* Added leaf loaders modules: file, folder, pem aand storage
* Cleaned implementation of leaf cert loader modules
* Added tests for leaf certs file and folder loaders
* cmd: fix the output of the `Usage` section (#6138)
* core: OnExit hooks (#6128)
* core: OnExit callbacks
* core: Process-global OnExit callbacks
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added more leaf certificate loaders tests and cleaned up code
* Modified leaf cert loaders json field names and cleaned up storage loader comment
* Update modules/caddytls/leaffileloader.go
* Update LeafStorageLoader certificates field name
* Upgraded protobuf version
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
Co-authored-by: Francis Lavoie <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
|
|
* ci/cd: use the build tag `nobadger` to exclude badgerdb
* upgrade github.com/google/certificate-transparency-go@master
|
|
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
* feat: use automaxprocs for better perf in containers
* better logs
* cs
|
|
|
|
* proxyprotocol: use github.com/pires/go-proxyproto
* Fix typo: r/generelly/generally
Co-authored-by: Francis Lavoie <[email protected]>
* add config options for `Deny` CIDR and fallback policy
* use `netip` package & trust unix sockets
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* caddytls: Log out remote addr to detect abuse
* caddytls: Sync distributed storage cleaning
* Handle errors
* Update certmagic to fix tiny bug
* Split off port when logging remote IP
* Upgrade CertMagic
|
|
See https://github.com/caddyserver/certmagic/pull/255
|
|
Signed-off-by: Dan Lorenc <[email protected]>
|
|
|
|
|
|
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.
Fixes #5911
Signed-off-by: Mariano Cano <[email protected]>
|