mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:51:08 -05:00
A new feature for the "tls" directive
This commit is contained in:
parent
8a2f2f8d37
commit
cf69d190a2
3 changed files with 49 additions and 1 deletions
|
@ -404,7 +404,7 @@ const AlternatePort = "5033"
|
||||||
// KeyType is the type to use for new keys.
|
// KeyType is the type to use for new keys.
|
||||||
// This shouldn't need to change except for in tests;
|
// This shouldn't need to change except for in tests;
|
||||||
// the size can be drastically reduced for speed.
|
// the size can be drastically reduced for speed.
|
||||||
var KeyType = acme.EC384
|
var KeyType acme.KeyType
|
||||||
|
|
||||||
// stopChan is used to signal the maintenance goroutine
|
// stopChan is used to signal the maintenance goroutine
|
||||||
// to terminate.
|
// to terminate.
|
||||||
|
|
|
@ -14,6 +14,7 @@ import (
|
||||||
"github.com/mholt/caddy/caddy/setup"
|
"github.com/mholt/caddy/caddy/setup"
|
||||||
"github.com/mholt/caddy/middleware"
|
"github.com/mholt/caddy/middleware"
|
||||||
"github.com/mholt/caddy/server"
|
"github.com/mholt/caddy/server"
|
||||||
|
"github.com/xenolf/lego/acme"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Setup sets up the TLS configuration and installs certificates that
|
// Setup sets up the TLS configuration and installs certificates that
|
||||||
|
@ -51,6 +52,13 @@ func Setup(c *setup.Controller) (middleware.Middleware, error) {
|
||||||
for c.NextBlock() {
|
for c.NextBlock() {
|
||||||
hadBlock = true
|
hadBlock = true
|
||||||
switch c.Val() {
|
switch c.Val() {
|
||||||
|
case "key_type":
|
||||||
|
arg := c.RemainingArgs()
|
||||||
|
value, ok := supportedKeyTypes[strings.ToUpper(arg[0])]
|
||||||
|
if !ok {
|
||||||
|
return nil, c.Errf("Wrong KeyType name or KeyType not supported '%s'", c.Val())
|
||||||
|
}
|
||||||
|
KeyType = value
|
||||||
case "protocols":
|
case "protocols":
|
||||||
args := c.RemainingArgs()
|
args := c.RemainingArgs()
|
||||||
if len(args) != 2 {
|
if len(args) != 2 {
|
||||||
|
@ -220,6 +228,10 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
|
||||||
// port to 443 if not already set, TLS is enabled, TLS is manual, and the host
|
// port to 443 if not already set, TLS is enabled, TLS is manual, and the host
|
||||||
// does not equal localhost.
|
// does not equal localhost.
|
||||||
func setDefaultTLSParams(c *server.Config) {
|
func setDefaultTLSParams(c *server.Config) {
|
||||||
|
if KeyType == "" {
|
||||||
|
KeyType = acme.RSA2048
|
||||||
|
}
|
||||||
|
|
||||||
// If no ciphers provided, use default list
|
// If no ciphers provided, use default list
|
||||||
if len(c.TLS.Ciphers) == 0 {
|
if len(c.TLS.Ciphers) == 0 {
|
||||||
c.TLS.Ciphers = defaultCiphers
|
c.TLS.Ciphers = defaultCiphers
|
||||||
|
@ -247,6 +259,15 @@ func setDefaultTLSParams(c *server.Config) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Map of supported key types
|
||||||
|
var supportedKeyTypes = map[string]acme.KeyType{
|
||||||
|
"EC384": acme.EC384,
|
||||||
|
"EC256": acme.EC256,
|
||||||
|
"RSA8192": acme.RSA8192,
|
||||||
|
"RSA4096": acme.RSA4096,
|
||||||
|
"RSA2048": acme.RSA2048,
|
||||||
|
}
|
||||||
|
|
||||||
// Map of supported protocols.
|
// Map of supported protocols.
|
||||||
// SSLv3 will be not supported in future release.
|
// SSLv3 will be not supported in future release.
|
||||||
// HTTP/2 only supports TLS 1.2 and higher.
|
// HTTP/2 only supports TLS 1.2 and higher.
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/mholt/caddy/caddy/setup"
|
"github.com/mholt/caddy/caddy/setup"
|
||||||
|
"github.com/xenolf/lego/acme"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestMain(m *testing.M) {
|
func TestMain(m *testing.M) {
|
||||||
|
@ -170,6 +171,16 @@ func TestSetupParseWithWrongOptionalParams(t *testing.T) {
|
||||||
if err == nil {
|
if err == nil {
|
||||||
t.Errorf("Expected errors, but no error returned")
|
t.Errorf("Expected errors, but no error returned")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Test key_type wrong params
|
||||||
|
params = `tls {
|
||||||
|
key_type ab123
|
||||||
|
}`
|
||||||
|
c = setup.NewTestController(params)
|
||||||
|
_, err = Setup(c)
|
||||||
|
if err == nil {
|
||||||
|
t.Errorf("Expected errors, but no error returned")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSetupParseWithClientAuth(t *testing.T) {
|
func TestSetupParseWithClientAuth(t *testing.T) {
|
||||||
|
@ -203,6 +214,22 @@ func TestSetupParseWithClientAuth(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestSetupParseWithKeyType(t *testing.T) {
|
||||||
|
params := `tls {
|
||||||
|
key_type ec384
|
||||||
|
}`
|
||||||
|
c := setup.NewTestController(params)
|
||||||
|
|
||||||
|
_, err := Setup(c)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Expected no errors, got: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if KeyType != acme.EC384 {
|
||||||
|
t.Errorf("Expected 'P384' as KeyType, got %#v", KeyType)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
certFile = "test_cert.pem"
|
certFile = "test_cert.pem"
|
||||||
keyFile = "test_key.pem"
|
keyFile = "test_key.pem"
|
||||||
|
|
Loading…
Reference in a new issue