caddy/caddytls
Matthew Holt b699a17a1b
tls: Fix OCSP stapling bug when certificate names overlap other certs
https://caddy.community/t/random-ocsp-response-errors-for-random-clients/2473?u=matt

Certificates are keyed by name in the cache, optimized for fast lookups
during TLS handshakes using SNI. A more "correct" way that is truly a
1:1 would be to cache certificates by a hash of the leaf's DER bytes,
but this involves an extra index to maintain. So instead of that, we
simply choose to prevent overlap when keying certificates by server
name. This avoids the ambiguity when updating OCSP staples, for instance.
2017-08-12 00:12:22 -06:00
storagetest Refactor and improve TLS storage code (related to locking) 2016-09-19 17:24:34 -06:00
certificates_test.go fix typo 2016-08-09 14:57:17 +09:00
certificates.go tls: Fix OCSP stapling bug when certificate names overlap other certs 2017-08-12 00:12:22 -06:00
client_test.go Rewrote Caddy from the ground up; initial commit of 0.9 branch 2016-06-04 17:00:29 -06:00
client.go Disable warning for insecure CA if located on private network. (#1599) 2017-04-20 05:38:54 -06:00
config_test.go tls: Prefer ChaCha20 if AES-NI instruction set is unavailable (#1675) 2017-05-17 10:45:17 -06:00
config.go tls: Prefer ChaCha20 if AES-NI instruction set is unavailable (#1675) 2017-05-17 10:45:17 -06:00
crypto_test.go Remove dead code, do struct alignment, simplify code 2016-10-25 19:19:54 +02:00
crypto.go Set session ticket keys properly (fixed in Go 1.8) 2017-01-15 09:30:02 -07:00
filestorage_test.go Pluggable TLS Storage (#913) 2016-07-08 07:32:31 -06:00
filestorage.go Log certificate location 2017-03-06 21:56:24 +00:00
handshake_test.go tls: Refactor internals related to TLS configurations (#1466) 2017-02-21 09:49:22 -07:00
handshake.go tls: Refactor internals related to TLS configurations (#1466) 2017-02-21 09:49:22 -07:00
httphandler_test.go ACME challenge proxy now accounts for ListenHost (bind); fixes #1296 2016-12-23 09:40:03 -07:00
httphandler.go tls: Command line flags to disable HTTP and TLS-SNI challenges 2017-03-08 00:06:49 -07:00
maintain.go tls: Fix OCSP stapling bug when certificate names overlap other certs 2017-08-12 00:12:22 -06:00
setup_test.go tls: add optional 'ca' tls directive, closes #1689 (#1699) 2017-06-24 11:10:44 -07:00
setup.go tls: add optional 'ca' tls directive, closes #1689 (#1699) 2017-06-24 11:10:44 -07:00
storage.go Refactor and improve TLS storage code (related to locking) 2016-09-19 17:24:34 -06:00
tls_test.go Refactor and improve TLS storage code (related to locking) 2016-09-19 17:24:34 -06:00
tls.go caddytls: introduced own ChallengeProvider type to fix imports related to vendor (#1700) 2017-06-06 09:23:00 -06:00
user_test.go tls: Improve flaky test depending on CPU scheduling (I think) 2016-11-28 23:37:22 -07:00
user.go Fix small misspellings 2017-01-10 13:09:24 -08:00