Matthew Holt
dd203ad41f
go.mod: CertMagic v0.21.0
2024-05-07 10:17:10 -06:00
Matthew Holt
b52271061d
go.mod: Upgrade to quic-go v0.43.1
2024-05-06 20:15:43 -06:00
Matt Holt
d129ae6aec
caddytls: Evict internal certs from cache based on issuer ( #6266 )
...
* caddytls: Evict internal certs from cache based on issuer
During a config reload, we would keep certs in the cache fi they were used by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs.
This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.
* Make sure new TLS app manages configured certs
* Actually make it work
2024-04-30 16:15:54 -06:00
Matthew Holt
a46ff50a1c
go.mod: Upgrade to quic-go v0.43.0
2024-04-27 12:01:30 -06:00
clauverjat
76c4cf5a56
caddytls: Option to configure certificate lifetime ( #6253 )
...
* Add option to configure certificate lifetime
* Bump CertMagic dep to latest master commit
* Apply suggestions and ran go mod tidy
* Update modules/caddytls/acmeissuer.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-24 14:35:14 -06:00
Matt Holt
6d97d8d87b
caddyhttp: Address some Go 1.20 features ( #6252 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-04-24 00:05:57 +00:00
Matt Holt
81413caea2
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes ( #6229 )
...
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades
* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME
* Fix go.mod
* caddytls: Fix automation related to managers (fix #6060 )
* Fix typo (appease linter)
* Fix HTTP validation with ZeroSSL API
2024-04-13 21:31:43 -04:00
Francis Lavoie
1c4a807667
chore: Upgrade some dependencies ( #6221 )
2024-04-04 18:27:52 -04:00
Mohammed Al Sahaf
7f227b9d39
chore: upgrade deps ( #6198 )
2024-03-27 14:24:18 -04:00
Marten Seemann
32f7dd44ae
chore: Update quic-go to v0.42.0 ( #6176 )
...
* update quic-go to v0.42.0
* use a rate limiter to control QUIC source address verification
* Lint
* remove deprecated ListenQUIC
* remove number of requests tracking
* increase the number of handshakes before source address verification is needed
* remove references to request counters
* remove deprecated listen*
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
2024-03-21 10:56:10 -06:00
jbrown-stripe
52822a41cb
caddyhttp: upgrade to cel v0.20.0 ( #6161 )
...
* upgrade to cel v0.20.0
* Attempt to address feedback and fix linter
* Let's try this
* Take that, you linter!
* Oh there's more
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Tristan Swadell @TristonianJones
2024-03-13 21:32:42 -06:00
Francis Lavoie
5b5f8feaf7
chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer ( #6169 )
2024-03-12 12:07:23 +03:00
Aziz Rmadi
3ae07a73dc
caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable ( #6050 )
...
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module
* Added leaf loaders modules: file, folder, pem aand storage
* Cleaned implementation of leaf cert loader modules
* Added tests for leaf certs file and folder loaders
* cmd: fix the output of the `Usage` section (#6138 )
* core: OnExit hooks (#6128 )
* core: OnExit callbacks
* core: Process-global OnExit callbacks
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141 )
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added more leaf certificate loaders tests and cleaned up code
* Modified leaf cert loaders json field names and cleaned up storage loader comment
* Update modules/caddytls/leaffileloader.go
* Update LeafStorageLoader certificates field name
* Upgraded protobuf version
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-05 14:55:37 -07:00
Francis Lavoie
4284e39a17
chore: Update Chroma to get the new Caddyfile lexer ( #6118 )
2024-02-20 06:23:39 -05:00
Francis Lavoie
e1b9a9d7b0
core: Add ctx.Slogger()
which returns an slog
logger ( #5945 )
2024-01-25 12:31:15 -07:00
Marten Seemann
697cc593a1
chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 ( #6043 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-01-25 13:58:19 -05:00
Mohammed Al Sahaf
b359ca565c
ci/cd: use the build tag nobadger
to exclude badgerdb ( #6031 )
...
* ci/cd: use the build tag `nobadger` to exclude badgerdb
* upgrade github.com/google/certificate-transparency-go@master
2024-01-10 21:04:11 +03:00
dependabot[bot]
1bf72db6ff
build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 ( #5994 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 16:11:51 -07:00
Kévin Dunglas
d54dcf1598
cmd: use automaxprocs for better perf in containers ( #5711 )
...
* feat: use automaxprocs for better perf in containers
* better logs
* cs
2023-12-18 15:50:26 -07:00
Aziz Rmadi
b49ec05161
go.mod: Updated quic-go to v0.40.1 ( #5983 )
2023-12-14 22:42:01 -07:00
Mohammed Al Sahaf
dc12bd9743
proxyprotocol: use github.com/pires/go-proxyproto ( #5915 )
...
* proxyprotocol: use github.com/pires/go-proxyproto
* Fix typo: r/generelly/generally
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add config options for `Deny` CIDR and fallback policy
* use `netip` package & trust unix sockets
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-12-13 09:07:43 -07:00
Matt Holt
4a09cf0dc0
caddytls: Sync distributed storage cleaning ( #5940 )
...
* caddytls: Log out remote addr to detect abuse
* caddytls: Sync distributed storage cleaning
* Handle errors
* Update certmagic to fix tiny bug
* Split off port when logging remote IP
* Upgrade CertMagic
2023-12-07 11:00:02 -07:00
Andreas Kohn
b24ae63ea6
caddytls: Context to DecisionFunc ( #5923 )
...
See https://github.com/caddyserver/certmagic/pull/255
2023-12-07 10:40:13 -07:00
dlorenc
878d491834
chore: Bump otel to v1.21.0. ( #5949 )
...
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
2023-11-22 17:02:13 +03:00
WeidiDeng
ee358550e4
go.mod: update quic-go version to v0.40.0 ( #5922 )
2023-10-31 14:05:34 -04:00
Marten Seemann
3f55efcfde
update quic-go to v0.39.3 ( #5918 )
2023-10-27 07:52:12 -04:00
Mariano Cano
ac0ad4da84
Upgrade acmeserver to github.com/go-chi/chi/v5 ( #5913 )
...
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.
Fixes #5911
Signed-off-by: Mariano Cano <mariano.cano@gmail.com>
2023-10-23 21:02:11 -04:00
Matthew Holt
fe2a02bf7a
go.mod: Upgrade quic-go to v0.39.1
2023-10-20 15:23:35 -06:00
Ethan Brown (Domino)
9fc55a9792
go.mod: CVE-2023-45142 Update opentelemetry ( #5908 )
2023-10-20 21:15:48 +00:00
Matthew Holt
88b4fbf244
go.mod: Upgrade dependencies incl. x/net/http
...
Possibly important for the HTTP/2 Rapid Reset issue.
2023-10-10 12:01:20 -06:00
WeidiDeng
888c6d7e93
go.mod: Update quic-go to v0.38.0 ( #5772 )
...
* go.mod: Update quic-go to v0.38.0
* run "go mod tidy"
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-08-24 02:55:28 +00:00
Marten Seemann
84d5e1c5d6
update quic-go to v0.37.6 ( #5767 )
2023-08-19 23:34:15 +00:00
Matthew Holt
f11c3c9f5a
go.mod: Upgrade CertMagic and quic-go
2023-08-17 11:34:48 -06:00
Matt Holt
6cdcc2a782
ci: Update to Go 1.21 ( #5719 )
...
* ci: Update to Go 1.21
* Bump quic-go to v0.37.4
* Check EnableFullDuplex err
* Linter bug suppression
See https://github.com/timakin/bodyclose/issues/52
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-08-09 12:34:28 -04:00
Shyim
5b9c850ab3
go.mod: Upgrade golang.org/x/net to 0.14.0 ( #5718 )
2023-08-08 11:23:26 -06:00
Matthew Holt
a8cc5d1a7d
go.mod: Upgrade to quic-go v0.37.3
...
Fixes #5680 once and for all! Hopefully :)
Thank you @marten-seemann for your excellent work!
2023-08-05 18:10:15 -06:00
Matthew Holt
51b1bfb125
go.mod: Upgrade quic-go to v0.37.2 (fix #5680 )
2023-08-03 18:44:03 -06:00
Matthew Holt
e198c605bd
go.mod: Upgrade dependencies esp. smallstep/certificates
...
This prevents initialization of a .step folder when it's not used.
2023-08-02 11:48:59 -06:00
Matthew Holt
94749e119a
go.mod: Use quic-go 0.37.1
...
Should fix panic in Go 1.21 where there was no RemoteAddr.
2023-07-31 16:31:17 -06:00
Matthew Holt
4df27a20c8
go.mod: Use latest CertMagic (v0.19.1)
...
Fixes race condition
2023-07-25 10:31:47 -06:00
Marten Seemann
f45a6de20d
go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum ( #5644 )
...
* update quic-go to v0.37.0
* Bump to Go 1.20
* Bump golangci-lint version, yml syntax consistency
* Use skip-pkg-cache workaround
* Workaround needed for both?
* Seeding weakrand is no longer necessary
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-07-21 22:00:48 -06:00
bt90
f857b32d65
go.mod: update quic-go to v0.36.2 ( #5636 )
2023-07-17 14:16:43 -06:00
Matt Holt
0e2c7e1d35
caddytls: Reuse certificate cache through reloads ( #5623 )
...
* caddytls: Don't purge cert cache on config reload
* Update CertMagic
This actually avoids reloading managed certs from storage
when already in the cache, d'oh.
* Fix bug; re-implement HasCertificateForSubject
* Update go.mod: CertMagic tag
2023-07-11 19:10:58 +00:00
Marten Seemann
7914ba3573
update quic-go to v0.36.1 ( #5611 )
2023-07-01 19:34:27 -04:00
Matthew Holt
0468508e92
go.mod: Upgrade CertMagic for hotfix
2023-06-21 13:25:38 -06:00
Matthew Holt
415d1e7b6f
go.mod: Upgrade some dependencies
2023-06-21 13:25:38 -06:00
Omer Demirok
1a36b06cd4
chore: upgrade otel ( #5586 )
2023-06-21 11:46:42 -06:00
Marten Seemann
398c12ae9b
go.mod: Update quic-go to v0.36.0 ( #5584 )
2023-06-21 06:56:12 -04:00
Matthew Holt
9c180a5988
go.mod: Upgrade quic-go to 0.35.1
2023-06-01 11:28:33 -06:00
Marten Seemann
467b7e3a9c
update quic-go to v0.35.0 ( #5560 )
2023-05-30 05:41:57 -04:00