mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
caddy/modules/caddytls
Karol Będkowski b814c0af9c
tls/client auth: verify first certificates in client request (#3344)
When client certificate is enabled, Caddy checks only the last certificate from
the request. When this cert is not in the list of trusted leaf certificates,
connection is rejected. According to RFC TLS1.x the sender's certificate
must come first in the list.  Each following certificate must directly
certify the one preceding it.

This patch fixes this problem - the first certificate is checked instead of the last.
2020-05-06 10:07:13 -06:00
..
distributedstek Refactor for CertMagic v0.10; prepare for PKI app 2020-03-06 23:15:25 -07:00
standardstek v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924) 2019-12-10 13:36:46 -07:00
acmeissuer.go caddytls: Finish upgrading to libdns DNS providers for ACME challenges 2020-05-02 17:23:36 -06:00
automation.go caddytls: Fix namespace tls.dns -> dns.providers 2020-05-02 16:28:10 -06:00
certselection.go caddytls: Encode big.Int as string with JSON 2020-04-02 09:43:33 -06:00
connpolicy.go tls/client auth: verify first certificates in client request (#3344) 2020-05-06 10:07:13 -06:00
dnssolver.go caddytls: Finish upgrading to libdns DNS providers for ACME challenges 2020-05-02 17:23:36 -06:00
fileloader.go chore: make the linter happier (#3245) 2020-04-08 15:31:51 -06:00
folderloader.go v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924) 2019-12-10 13:36:46 -07:00
internalissuer.go pki: Embedded ACME server (#3198) 2020-05-05 12:35:32 -06:00
matchers.go caddytls: Match automation policies by wildcard subjects too 2020-03-26 14:01:38 -06:00
matchers_test.go caddytls: Support wildcard matching in ServerName conn policy matcher 2020-03-20 15:51:37 -06:00
pemloader.go chore: make the linter happier (#3245) 2020-04-08 15:31:51 -06:00
sessiontickets.go v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924) 2019-12-10 13:36:46 -07:00
tls.go caddytls: Don't initialize default internal issuer unless necessary 2020-04-09 13:09:48 -06:00
values.go caddytls: Update cipher suite names and curve names 2020-04-01 14:09:29 -06:00