0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-23 22:27:38 -05:00
caddy/caddytls
Matthew Holt b699a17a1b
tls: Fix OCSP stapling bug when certificate names overlap other certs
https://caddy.community/t/random-ocsp-response-errors-for-random-clients/2473?u=matt

Certificates are keyed by name in the cache, optimized for fast lookups
during TLS handshakes using SNI. A more "correct" way that is truly a
1:1 would be to cache certificates by a hash of the leaf's DER bytes,
but this involves an extra index to maintain. So instead of that, we
simply choose to prevent overlap when keying certificates by server
name. This avoids the ambiguity when updating OCSP staples, for instance.
2017-08-12 00:12:22 -06:00
..
storagetest Refactor and improve TLS storage code (related to locking) 2016-09-19 17:24:34 -06:00
certificates.go tls: Fix OCSP stapling bug when certificate names overlap other certs 2017-08-12 00:12:22 -06:00
certificates_test.go fix typo 2016-08-09 14:57:17 +09:00
client.go Disable warning for insecure CA if located on private network. (#1599) 2017-04-20 05:38:54 -06:00
client_test.go
config.go tls: Prefer ChaCha20 if AES-NI instruction set is unavailable (#1675) 2017-05-17 10:45:17 -06:00
config_test.go tls: Prefer ChaCha20 if AES-NI instruction set is unavailable (#1675) 2017-05-17 10:45:17 -06:00
crypto.go Set session ticket keys properly (fixed in Go 1.8) 2017-01-15 09:30:02 -07:00
crypto_test.go Remove dead code, do struct alignment, simplify code 2016-10-25 19:19:54 +02:00
filestorage.go Log certificate location 2017-03-06 21:56:24 +00:00
filestorage_test.go Pluggable TLS Storage (#913) 2016-07-08 07:32:31 -06:00
handshake.go tls: Refactor internals related to TLS configurations (#1466) 2017-02-21 09:49:22 -07:00
handshake_test.go tls: Refactor internals related to TLS configurations (#1466) 2017-02-21 09:49:22 -07:00
httphandler.go tls: Command line flags to disable HTTP and TLS-SNI challenges 2017-03-08 00:06:49 -07:00
httphandler_test.go ACME challenge proxy now accounts for ListenHost (bind); fixes #1296 2016-12-23 09:40:03 -07:00
maintain.go tls: Fix OCSP stapling bug when certificate names overlap other certs 2017-08-12 00:12:22 -06:00
setup.go tls: add optional 'ca' tls directive, closes #1689 (#1699) 2017-06-24 11:10:44 -07:00
setup_test.go tls: add optional 'ca' tls directive, closes #1689 (#1699) 2017-06-24 11:10:44 -07:00
storage.go Refactor and improve TLS storage code (related to locking) 2016-09-19 17:24:34 -06:00
tls.go caddytls: introduced own ChallengeProvider type to fix imports related to vendor (#1700) 2017-06-06 09:23:00 -06:00
tls_test.go Refactor and improve TLS storage code (related to locking) 2016-09-19 17:24:34 -06:00
user.go Fix small misspellings 2017-01-10 13:09:24 -08:00
user_test.go tls: Improve flaky test depending on CPU scheduling (I think) 2016-11-28 23:37:22 -07:00