Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-03-17 15:21:22 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

caddytls: Ensure key list always gets set (fix #7555)
Some checks failed
Tests / test (./cmd/caddy/caddy, ~1.26.0, macos-14, 0, 1.26, mac) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy.exe, ~1.26.0, windows-latest, True, 1.26, windows) (push) Waiting to run
Details
Lint / lint (macos-14, mac) (push) Waiting to run
Details
Lint / lint (windows-latest, windows) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy, ~1.26.0, ubuntu-latest, 0, 1.26, linux) (push) Failing after 2m29s
Details
Tests / test (s390x on IBM Z) (push) Has been skipped
Details
Tests / goreleaser-check (push) Has been skipped
Details
Cross-Build / build (~1.26.0, 1.26, aix) (push) Successful in 1m26s
Details
Cross-Build / build (~1.26.0, 1.26, darwin) (push) Successful in 1m23s
Details
Cross-Build / build (~1.26.0, 1.26, dragonfly) (push) Successful in 1m38s
Details
Cross-Build / build (~1.26.0, 1.26, freebsd) (push) Successful in 1m37s
Details
Cross-Build / build (~1.26.0, 1.26, illumos) (push) Successful in 1m45s
Details
Cross-Build / build (~1.26.0, 1.26, linux) (push) Successful in 1m32s
Details
Cross-Build / build (~1.26.0, 1.26, netbsd) (push) Successful in 1m24s
Details
Cross-Build / build (~1.26.0, 1.26, openbsd) (push) Successful in 1m27s
Details
Cross-Build / build (~1.26.0, 1.26, solaris) (push) Successful in 1m31s
Details
Cross-Build / build (~1.26.0, 1.26, windows) (push) Successful in 1m29s
Details
Lint / lint (ubuntu-latest, linux) (push) Successful in 2m23s
Details
Lint / govulncheck (push) Successful in 1m44s
Details
Lint / dependency-review (push) Failing after 59s
Details
OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 6m18s
Details

Browse Source
This commit is contained in:
Matthew Holt 2026-03-16 16:21:47 -06:00
parent 1fbb28720b
commit 8499e34e10
No known key found for this signature in database
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/caddytls/ech.go
View File

@ -132,7 +132,10 @@ func (ech *ECH) Provision(ctx caddy.Context) ([]string, error) {
}
}
// ensure old keys are rotated out
// convert the configs into a structure ready for the std lib to use
ech.updateKeyList()
// ensure any old keys are rotated out
if err = ech.rotateECHKeys(ctx, logger, true); err != nil {
return nil, fmt.Errorf("rotating ECH configs: %w", err)
}
@ -179,9 +182,11 @@ func (ech *ECH) setConfigsFromStorage(ctx caddy.Context, logger *zap.Logger) ([]
return outerNames, nil
}
// rotateECHKeys updates the ECH keys/configs that are outdated. It should be called
// in a write lock on ech.configsMu. If a lock is already obtained in storage, then
// pass true for storageSynced.
// rotateECHKeys updates the ECH keys/configs that are outdated if rotation is needed.
// It should be called in a write lock on ech.configsMu. If a lock is already obtained
// in storage, then pass true for storageSynced.
//
// This function sets/updates the stdlib-ready key list only if a rotation occurs.
func (ech *ECH) rotateECHKeys(ctx caddy.Context, logger *zap.Logger, storageSynced bool) error {
storage := ctx.Storage()