caddy/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt at e965b111cdf46109b4ed87e607e8dce5225105f4

mirror of https://github.com/caddyserver/caddy.git synced 2025-01-06 22:40:31 -05:00

Mohammed Al Sahaf e965b111cd

tls: modularize trusted CA providers (#5784 )

* tls: modularize client authentication trusted CA

* add `omitempty` to `CARaw`

* docs

* initial caddyfile support

* revert anything related to leaf cert validation

The certs are used differently than the CA pool flow

* complete caddyfile unmarshalling implementation

* Caddyfile syntax documentation

* enhance caddyfile parsing and documentation

Apply suggestions from code review

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* add client_auth caddyfile tests

* add caddyfile unmarshalling tests

* fix and add missed adapt tests

* fix rebase issue

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

2024-01-25 11:44:41 +03:00

1 KiB

Raw Blame History

localhost

respond "hello from localhost" tls { client_auth { mode request trust_pool file { pem_file ../caddy.ca.cer } } }

{ "apps": { "http": { "servers": { "srv0": { "listen": [ ":443" ], "routes": [ { "match": [ { "host": [ "localhost" ] } ], "handle": [ { "handler": "subroute", "routes": [ { "handle": [ { "body": "hello from localhost", "handler": "static_response" } ] } ] } ], "terminal": true } ], "tls_connection_policies": [ { "match": { "sni": [ "localhost" ] }, "client_authentication": { "ca": { "pem_files": [ "../caddy.ca.cer" ], "provider": "file" }, "mode": "request" } }, {} ] } } } } }

1 KiB Raw Blame History

respond "hello from localhost" tls { client_auth { mode request trust_pool file { pem_file ../caddy.ca.cer } } }

1 KiB

Raw Blame History