caddy/modules/caddytls
Matt Holt d129ae6aec
caddytls: Evict internal certs from cache based on issuer (#6266)
* caddytls: Evict internal certs from cache based on issuer

During a config reload, we would keep certs in the cache if they were used by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs.

This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.

* Make sure new TLS app manages configured certs

* Actually make it work
2024-04-30 16:15:54 -06:00
distributedstek ci: use gci linter (#5708) 2023-08-14 09:41:15 -06:00
standardstek all: Recover from panics in goroutines 2020-05-12 11:36:20 -06:00
acmeissuer.go run `golangci-lint run --fix --fast` (#6270) 2024-04-24 15:17:23 -06:00
automation.go caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) 2024-04-13 21:31:43 -04:00
capools.go caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) 2024-04-13 21:31:43 -04:00
capools_test.go tls: modularize trusted CA providers (#5784) 2024-01-25 11:44:41 +03:00
certmanagers.go caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) 2024-04-13 21:31:43 -04:00
certselection.go chore: Appease gosec linter (#5777) 2023-08-23 20:47:54 -06:00
cf.go tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852) 2023-10-11 13:45:37 -06:00
connpolicy.go chore: add warn logs when using deprecated fields (#6276) 2024-04-27 15:51:00 -04:00
connpolicy_test.go modules: fix some typo in conments (#6206) 2024-03-30 02:45:42 +00:00
fileloader.go tls: accept placeholders in string values of certificate loaders (#5963) 2023-12-04 09:23:15 -07:00
folderloader.go tls: accept placeholders in string values of certificate loaders (#5963) 2023-12-04 09:23:15 -07:00
internalissuer.go chore: enabling a few more linters (#5961) 2024-01-25 15:24:58 +00:00
leaffileloader.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
leaffileloader_test.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
leaffolderloader.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
leaffolderloader_test.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
leafpemloader.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
leafpemloader_test.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
leafstorageloader.go caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 2024-03-05 14:55:37 -07:00
matchers.go connection policy: add `local_ip` matcher (#6074) 2024-04-15 21:13:24 +03:00
matchers_test.go connection policy: add `local_ip` matcher (#6074) 2024-04-15 21:13:24 +03:00
ondemand.go caddytls: Add Caddyfile support for on-demand permission module (close #6260) 2024-04-22 15:47:09 -06:00
pemloader.go tls: accept placeholders in string values of certificate loaders (#5963) 2023-12-04 09:23:15 -07:00
sessiontickets.go all: Recover from panics in goroutines 2020-05-12 11:36:20 -06:00
storageloader.go tls: accept placeholders in string values of certificate loaders (#5963) 2023-12-04 09:23:15 -07:00
tls.go caddytls: Evict internal certs from cache based on issuer (#6266) 2024-04-30 16:15:54 -06:00
values.go go.mod: Upgrade some dependencies 2020-12-08 14:06:52 -07:00
zerosslissuer.go caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) 2024-04-13 21:31:43 -04:00