Diffstat (limited to 'latest_tls13.patch')
-rw-r--r-- | latest_tls13.patch | 249 |
1 files changed, 249 insertions, 0 deletions
diff --git a/latest_tls13.patch b/latest_tls13.patch
new file mode 100644
index 000000000000..2c606bc7455e
--- /dev/null
+++ b/latest_tls13.patch
@@ -0,0 +1,249 @@
+diff --git a/appveyor.yml b/appveyor.yml
+index b19eb7a..7d04da9 100644
+--- a/appveyor.yml
++++ b/appveyor.yml
+@@ -10,7 +10,7 @@ clone_folder: c:\gopath\src\github.com\mholt\caddy
+ environment:
+ GOPATH: c:\gopath
+ 
+-stack: go 1.11
++stack: go 1.12
+ 
+ install:
+ - set PATH=%GOPATH%\bin;%PATH%
+diff --git a/caddyhttp/internalsrv/setup.go b/caddyhttp/internalsrv/setup.go
+index 35c79d2..f70147a 100644
+--- a/caddyhttp/internalsrv/setup.go
++++ b/caddyhttp/internalsrv/setup.go
+@@ -33,7 +33,12 @@ func setup(c *caddy.Controller) error {
+ return err
+ }
+ 
+- httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
++ // Append Internal paths to Caddy config HiddenFiles to ensure
++ // files do not appear in Browse
++ config := httpserver.GetConfig(c)
++ config.HiddenFiles = append(config.HiddenFiles, paths...)
++
++ config.AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
+ return Internal{Next: next, Paths: paths}
+ })
+ 
+diff --git a/caddyhttp/staticfiles/fileserver.go b/caddyhttp/staticfiles/fileserver.go
+index 93a7c6d..0863ebe 100644
+--- a/caddyhttp/staticfiles/fileserver.go
++++ b/caddyhttp/staticfiles/fileserver.go
+@@ -53,7 +53,7 @@ type FileServer struct {
+ 
+ // ServeHTTP serves static files for r according to fs's configuration.
+ func (fs FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
+- if r.Method != "GET" {
++ if r.Method != "GET" && r.Method != "HEAD" {
+ return http.StatusMethodNotAllowed, nil
+ }
+ return fs.serveFile(w, r)
+diff --git a/caddytls/config.go b/caddytls/config.go
+index 77d3795..939f3df 100644
+--- a/caddytls/config.go
++++ b/caddytls/config.go
+@@ -407,7 +407,7 @@ func SetDefaultTLSParams(config *Config) {
+ config.ProtocolMinVersion = tls.VersionTLS12
+ }
+ if config.ProtocolMaxVersion == 0 {
+- config.ProtocolMaxVersion = tls.VersionTLS12
++ config.ProtocolMaxVersion = tls.VersionTLS13
+ }
+ 
+ // Prefer server cipher suites
+@@ -430,6 +430,7 @@ var SupportedProtocols = map[string]uint16{
+ "tls1.0": tls.VersionTLS10,
+ "tls1.1": tls.VersionTLS11,
+ "tls1.2": tls.VersionTLS12,
++ "tls1.3": tls.VersionTLS13,
+ }
+ 
+ // GetSupportedProtocolName returns the protocol name
+diff --git a/caddytls/selfsigned.go b/caddytls/selfsigned.go
+index 367cd73..60d5345 100644
+--- a/caddytls/selfsigned.go
++++ b/caddytls/selfsigned.go
+@@ -62,13 +62,10 @@ func newSelfSignedCertificate(ssconfig selfSignedConfig) (tls.Certificate, error
+ if len(ssconfig.SAN) == 0 {
+ ssconfig.SAN = []string{""}
+ }
+- var names []string
+ for _, san := range ssconfig.SAN {
+ if ip := net.ParseIP(san); ip != nil {
+- names = append(names, strings.ToLower(ip.String()))
+ cert.IPAddresses = append(cert.IPAddresses, ip)
+ } else {
+- names = append(names, strings.ToLower(san))
+ cert.DNSNames = append(cert.DNSNames, strings.ToLower(san))
+ }
+ }
+diff --git a/caddytls/setup.go b/caddytls/setup.go
+index 02a694b..798c743 100644
+--- a/caddytls/setup.go
++++ b/caddytls/setup.go
+@@ -34,6 +34,10 @@ import (
+ )
+ 
+ func init() {
++ // opt-in TLS 1.3 for Go1.12
++ // TODO: remove this line when Go1.13 is released.
++ os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
++
+ caddy.RegisterPlugin("tls", caddy.Plugin{Action: setupTLS})
+ 
+ // ensure the default Storage implementation is plugged in
+diff --git a/caddytls/setup_test.go b/caddytls/setup_test.go
+index e973eb2..3c5ded0 100644
+--- a/caddytls/setup_test.go
++++ b/caddytls/setup_test.go
+@@ -75,8 +75,8 @@ func TestSetupParseBasic(t *testing.T) {
+ if cfg.ProtocolMinVersion != tls.VersionTLS12 {
+ t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
+ }
+- if cfg.ProtocolMaxVersion != tls.VersionTLS12 {
+- t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", cfg.ProtocolMaxVersion)
++ if cfg.ProtocolMaxVersion != tls.VersionTLS13 {
++ t.Errorf("Expected 'tls1.3 (0x0304)' as ProtocolMaxVersion, got %#v", cfg.ProtocolMaxVersion)
+ }
+ 
+ // Cipher checks
+diff --git a/vendor/github.com/mholt/certmagic/config.go b/vendor/github.com/mholt/certmagic/config.go
+index 77072d4..a6528da 100644
+--- a/vendor/github.com/mholt/certmagic/config.go
++++ b/vendor/github.com/mholt/certmagic/config.go
+@@ -240,6 +240,10 @@ func NewWithCache(certCache *Cache, cfg Config) *Config {
+ // prepared to serve them up during TLS handshakes.
+ func (cfg *Config) Manage(domainNames []string) error {
+ for _, domainName := range domainNames {
++ if !HostQualifies(domainName) {
++ return fmt.Errorf("name does not qualify for automatic certificate management: %s", domainName)
++ }
++
+ // if on-demand is configured, simply whitelist this name
+ if cfg.OnDemand != nil {
+ if !cfg.OnDemand.whitelistContains(domainName) {
+@@ -289,6 +293,9 @@ func (cfg *Config) Manage(domainNames []string) error {
+ // it does not load them into memory. If interactive is true,
+ // the user may be shown a prompt.
+ func (cfg *Config) ObtainCert(name string, interactive bool) error {
++ if cfg.storageHasCertResources(name) {
++ return nil
++ }
+ skip, err := cfg.preObtainOrRenewChecks(name, interactive)
+ if err != nil {
+ return err
+@@ -296,16 +303,10 @@ func (cfg *Config) ObtainCert(name string, interactive bool) error {
+ if skip {
+ return nil
+ }
+-
+- if cfg.storageHasCertResources(name) {
+- return nil
+- }
+-
+ client, err := cfg.newACMEClient(interactive)
+ if err != nil {
+ return err
+ }
+-
+ return client.Obtain(name)
+ }
+ 
+diff --git a/vendor/github.com/mholt/certmagic/user.go b/vendor/github.com/mholt/certmagic/user.go
+index 9055a15..e5852d5 100644
+--- a/vendor/github.com/mholt/certmagic/user.go
++++ b/vendor/github.com/mholt/certmagic/user.go
+@@ -84,10 +84,11 @@ func (cfg *Config) getEmail(allowPrompts bool) error {
+ leEmail = Email
+ }
+ // Then try to get most recent user email from storage
++ var gotRecentEmail bool
+ if leEmail == "" {
+- leEmail = cfg.mostRecentUserEmail()
++ leEmail, gotRecentEmail = cfg.mostRecentUserEmail()
+ }
+- if leEmail == "" && allowPrompts {
++ if !gotRecentEmail && leEmail == "" && allowPrompts {
+ // Looks like there is no email address readily available,
+ // so we will have to ask the user if we can.
+ var err error
+@@ -95,10 +96,14 @@ func (cfg *Config) getEmail(allowPrompts bool) error {
+ if err != nil {
+ return err
+ }
+- cfg.Agreed = true
+ }
+- // lower-casing the email is important for consistency
+- cfg.Email = strings.ToLower(leEmail)
++
++ // save the email for later and ensure it is consistent
++ // for repeated use; then update cfg with our new defaults
++ Email = strings.TrimSpace(strings.ToLower(leEmail))
++ cfg.Email = Email
++ cfg.Agreed = Agreed
++
+ return nil
+ }
+ 
+@@ -123,6 +128,11 @@ func (cfg *Config) getAgreementURL() (string, error) {
+ return dir.Meta.TermsOfService, nil
+ }
+ 
++// promptUserForEmail prompts the user for an email address
++// and returns the email address they entered (which could
++// be the empty string). If no error is returned, then Agreed
++// will also be set to true, since continuing through the
++// prompt signifies agreement.
+ func (cfg *Config) promptUserForEmail() (string, error) {
+ agreementURL, err := cfg.getAgreementURL()
+ if err != nil {
+@@ -139,6 +149,7 @@ func (cfg *Config) promptUserForEmail() (string, error) {
+ return "", fmt.Errorf("reading email address: %v", err)
+ }
+ leEmail = strings.TrimSpace(leEmail)
++ Agreed = true
+ return leEmail, nil
+ }
+ 
+@@ -234,10 +245,10 @@ func (cfg *Config) askUserAgreement(agreementURL string) bool {
+ // in s. Since this is part of a complex sequence to get a user
+ // account, errors here are discarded to simplify code flow in
+ // the caller, and errors are not important here anyway.
+-func (cfg *Config) mostRecentUserEmail() string {
++func (cfg *Config) mostRecentUserEmail() (string, bool) {
+ userList, err := cfg.certCache.storage.List(StorageKeys.UsersPrefix(cfg.CA), false)
+ if err != nil || len(userList) == 0 {
+- return ""
++ return "", false
+ }
+ sort.Slice(userList, func(i, j int) bool {
+ iInfo, _ := cfg.certCache.storage.Stat(userList[i])
+@@ -246,9 +257,9 @@ func (cfg *Config) mostRecentUserEmail() string {
+ })
+ user, err := cfg.getUser(path.Base(userList[0]))
+ if err != nil {
+- return ""
++ return "", false
+ }
+- return user.Email
++ return user.Email, true
+ }
+ 
+ // agreementTestURL is set during tests to skip requiring
+diff --git a/vendor/manifest b/vendor/manifest
+index 0abcba8..d00333f 100644
+--- a/vendor/manifest
++++ b/vendor/manifest
+@@ -138,7 +138,7 @@
+ "importpath": "github.com/mholt/certmagic",
+ "repository": "https://github.com/mholt/certmagic",
+ "vcs": "git",
+- "revision": "a7f18a937c080b88693cd4e14d48e42cc067b268",
++ "revision": "e3e89d1096d76d61680f8eeb8f67649baa6c54b8",
+ "branch": "master",
+ "notests": true
+ },
|
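Review bot: The `os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")` added to `init()` in the caddytls/setup.go part of the patch discards the `os.Setenv` error and, when GODEBUG is unset, produces the value `,tls13=1` with a leading empty field. The new `config.ProtocolMaxVersion = tls.VersionTLS13` default in caddytls/config.go relies on this opt-in, so if the setenv fails or the flag is not honored (I believe Go 1.12 reads it lazily in crypto/tls, but that is worth confirming) the server would quietly negotiate at most TLS 1.2 while its configuration reports 1.3; logging the failure makes that visible, and the block below does so (`log` must be imported in that file if it is not already). Note also that the setting is process-wide and applies to every binary that links this package, which the TODO comment should mention. Separately, in certmagic's `Manage` the rejected name is interpolated with `%s`; `%q` would make empty or whitespace-only names readable in the error, `return fmt.Errorf("name does not qualify for automatic certificate management: %q", domainName)`. The `init()` body continues past the hunk shown.
```go
func init() {
	// opt-in TLS 1.3 for Go1.12; this is process-wide and affects any
	// program that links this package.
	// TODO: remove this block when Go1.13 is released.
	godebug := os.Getenv("GODEBUG")
	if godebug != "" {
		godebug += ","
	}
	if err := os.Setenv("GODEBUG", godebug+"tls13=1"); err != nil {
		log.Printf("[WARNING] Unable to enable TLS 1.3 via GODEBUG: %v", err)
	}
	// … unchanged: caddy.RegisterPlugin and default Storage setup …
```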