Merge branch 'master' into caching-headers

572b9e4d · Pieter Raubenheimer · 3441cdef · 462128cd · 572b9e4d · 572b9e4d
Commit 572b9e4d authored Apr 03, 2016 by Pieter Raubenheimer
Hide whitespace changes
Inline Side-by-side

Showing with 49 additions and 1 deletion

caddy/https/https.go caddy/https/https.go +1 -1

caddy/https/setup.go caddy/https/setup.go +21 -0

caddy/https/setup_test.go caddy/https/setup_test.go +27 -0

No files found.
--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -404,7 +404,7 @@ const AlternatePort = "5033"
 // KeyType is the type to use for new keys.
 // This shouldn't need to change except for in tests;
 // the size can be drastically reduced for speed.
-var KeyType = acme.EC384
+var KeyType acme.KeyType
 // stopChan is used to signal the maintenance goroutine
 // to terminate.

--- a/caddy/https/setup.go
+++ b/caddy/https/setup.go
@@ -14,6 +14,7 @@ import (
 	"github.com/mholt/caddy/caddy/setup"
 	"github.com/mholt/caddy/middleware"
 	"github.com/mholt/caddy/server"
+	"github.com/xenolf/lego/acme"
 )
 // Setup sets up the TLS configuration and installs certificates that
@@ -51,6 +52,13 @@ func Setup(c *setup.Controller) (middleware.Middleware, error) {
 		for c.NextBlock() {
 			hadBlock = true
 			switch c.Val() {
+			case "key_type":
+				arg := c.RemainingArgs()
+				value, ok := supportedKeyTypes[strings.ToUpper(arg[0])]
+				if !ok {
+					return nil, c.Errf("Wrong KeyType name or KeyType not supported '%s'", c.Val())
+				}
+				KeyType = value
 			case "protocols":
 				args := c.RemainingArgs()
 				if len(args) != 2 {
@@ -220,6 +228,10 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
 // port to 443 if not already set, TLS is enabled, TLS is manual, and the host
 // does not equal localhost.
 func setDefaultTLSParams(c *server.Config) {
+	if KeyType == "" {
+		KeyType = acme.RSA2048
+	}
 	// If no ciphers provided, use default list
 	if len(c.TLS.Ciphers) == 0 {
 		c.TLS.Ciphers = defaultCiphers
@@ -247,6 +259,15 @@ func setDefaultTLSParams(c *server.Config) {
 	}
 }
+// Map of supported key types
+var supportedKeyTypes = map[string]acme.KeyType{
+	"EC384":   acme.EC384,
+	"EC256":   acme.EC256,
+	"RSA8192": acme.RSA8192,
+	"RSA4096": acme.RSA4096,
+	"RSA2048": acme.RSA2048,
+}
 // Map of supported protocols.
 // SSLv3 will be not supported in future release.
 // HTTP/2 only supports TLS 1.2 and higher.

--- a/caddy/https/setup_test.go
+++ b/caddy/https/setup_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 	"github.com/mholt/caddy/caddy/setup"
+	"github.com/xenolf/lego/acme"
 )
 func TestMain(m *testing.M) {
@@ -170,6 +171,16 @@ func TestSetupParseWithWrongOptionalParams(t *testing.T) {
 	if err == nil {
 		t.Errorf("Expected errors, but no error returned")
 	}
+	// Test key_type wrong params
+	params = `tls {
+			key_type ab123
+		}`
+	c = setup.NewTestController(params)
+	_, err = Setup(c)
+	if err == nil {
+		t.Errorf("Expected errors, but no error returned")
+	}
 }
 func TestSetupParseWithClientAuth(t *testing.T) {
@@ -203,6 +214,22 @@ func TestSetupParseWithClientAuth(t *testing.T) {
 	}
 }
+func TestSetupParseWithKeyType(t *testing.T) {
+	params := `tls {
+            key_type ec384
+        }`
+	c := setup.NewTestController(params)
+	_, err := Setup(c)
+	if err != nil {
+		t.Errorf("Expected no errors, got: %v", err)
+	}
+	if KeyType != acme.EC384 {
+		t.Errorf("Expected 'P384' as KeyType, got %#v", KeyType)
+	}
+}
 const (
 	certFile = "test_cert.pem"
 	keyFile  = "test_key.pem"