By using option ca_certificates in proxy block it is possible now to select
CA against which backend certificates shall be checked.
Resolves#1550
Co-authored-by: Danny Navarro <navdgo@gmail.com>
* caddytls: Fix empty SNI handling (new -default-sni flag)
vendor: update certmagic, needed to support this
Hopefully fixes#2451, fixes#2438, and fixes#2414
* caddytls: Don't overwrite certmagic Manager (fixes#2407)
Supersedes #2447
* vendor: Update certmagic to fix nil pointer deref and TLS-ALPN cleanup
* Improve -default-sni flag help text
Execute an OPTIONS call and make sure we receive a valid response
independently of the provided username or password as the
authentication step is ignored
* Do not authenticate OPTIONS calls
* Add test for OPTIONS call
Implement `{when_iso_local}` placeholder
This implements the `{when_iso_local}` placeholder. This is like the
`{when_iso}` placeholder but the output is in the current timezone
rather than UTC.
Resolves#2362
All code relating to a caddytls.Config and setting it up from the
Caddyfile is still intact; only the certificate management-related
code was removed into a separate package.
I don't expect this to build in CI successfully; updating dependencies
and vendor is coming next.
I've also removed the ad-hoc, half-baked storage plugins that we need
to finish making first-class Caddy plugins (they were never documented
anyway). The new certmagic package has a much better storage interface,
and we can finally move toward making a new storage plugin type, but
it shouldn't be configurable in the Caddyfile, I think, since it doesn't
make sense for a Caddy instance to use more than one storage config...
We also have the option of eliminating DNS provider plugins and just
shipping all of lego's DNS providers by using a lego package (the
caddytls/setup.go file has a comment describing how) -- but it doubles
Caddy's binary size by 100% from about 19 MB to around 40 MB...!
* tls: Add support for the tls-alpn-01 challenge
Also updates lego/acme to latest on master.
TODO: This implementation of the tls-alpn challenge is not yet solvable
in a distributed Caddy cluster like the http challenge is.
* build: Allow building with the race detector
* tls: Support distributed solving of the TLS-ALPN-01 challenge
* Update vendor and add a todo in MITM checker
