Matthew Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							fb22a26b1a 
							
						 
					 
					
						
						
							
							caddytls: Allow missing ECH meta file  
						
						
						
						
					 
					
						2025-04-18 12:20:21 -06:00 
						 
				 
			
				
					
						
							
							
								Matt Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1bfa111552 
							
						 
					 
					
						
						
							
							caddytls: Prefer managed wildcard certs over individual subdomain certs (#6959)

						* caddytls: Prefer managed wildcard certs over individual subdomain certs
						* Repurpose force_automate as no_wildcard
						* Fix a couple bugs
						* Restore force_automate and use automate loader as wildcard override
						
						
					 
					
						2025-04-18 11:44:23 -06:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9becf61a9f 
							
						 
					 
					
						
						
							
							go.mod: Upgrade to libdns 1.0 beta APIs (requires upgraded DNS providers)  
						
						
						This is the only way we can properly, reliably support ECH. 
						
						
					 
					
						2025-04-07 12:43:11 -06:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ea77a9ab67 
							
						 
					 
					
						
						
							
							caddytls: Temporarily treat "" and "@" as equivalent for DNS publication  
						
						
						Fixes https://github.com/caddyserver/caddy/issues/6895#issuecomment-2750111096  
						
						
					 
					
						2025-03-25 16:24:16 -06:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							782a3c7ac6 
							
						 
					 
					
						
						
							
							caddytls: Don't publish HTTPS record for CNAME'd domain (fix #6922)
						
						
						
						
					 
					
						2025-03-24 09:55:26 -06:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
						
						
							
						
						
							1f8dab572c 
							
						 
					 
					
						
						
							
							caddytls: Don't publish ECH configs if other records don't exist  
						
						
						Publishing a DNS record for a name that doesn't have any could make wildcards ineffective, which would be surprising for site owners and could lead to downtime. 
						
						
					 
					
						2025-03-12 16:33:14 -06:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
						
						
							
						
						
							39262f8663 
							
						 
					 
					
						
						
							
							caddytls: Minor fixes for ECH  
						
						
						
						
					 
					
						2025-03-11 08:12:48 -06:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
						
						
							
						
						
							d57ab215a2 
							
						 
					 
					
						
						
							
							caddytls: Pointer receiver (fix #6885)
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
				
			 
		
		
	 
 
	 
						
						
					 
					
						2025-03-08 14:19:06 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							bc3d497739 
							
						 
					 
					
						
						
							
							caddytls: Fix broken refactor  
						
						
						
						
						Not sure how that happened... 
						
						
					 
					
						2025-03-06 08:54:40 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							a807fe0659 
							
						 
					 
					
						
						
							
							caddytls: Enhance ECH documentation  
						
						
						
						
					 
					
						2025-03-06 08:52:52 -07:00 
						 
				 
			
				
					
						
							
							
								Matt Holt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d7764dfdbb 
							
						 
					 
					
						
						
							
							caddytls: Encrypted ClientHello (ECH) (#6862)

						* caddytls: Initial commit of Encrypted ClientHello (ECH)
						* WIP Caddyfile
						* Fill out Caddyfile support
						* Enhance godoc comments
						* Augment, don't overwrite, HTTPS records
						* WIP
						* WIP: publication history
						* Fix republication logic
						* Apply global DNS module to ACME challenges
						  This allows DNS challenges to be enabled without locally-configured DNS modules
						* Ignore false positive from prealloc linter
						* ci: Use only latest Go version (1.24 currently)
						  We no longer support older Go versions, for security benefits.
						* Remove old commented code
						  Static ECH keys for now
						* Implement SendAsRetry
						
						
					 
					
						2025-03-05 17:04:10 -07:00