Upgrade certmagic from v0.14.1 to v0.15.2 (#18138)
parent
385dc6a992
commit
e9c9a35a61
20 changed files with 294 additions and 142 deletions
76
vendor/github.com/caddyserver/certmagic/config.go
generated
vendored
|
@ -247,8 +247,28 @@ func newWithCache(certCache *Cache, cfg Config) *Config {
|
|||
// of the given domainNames. This behavior is recommended for
|
||||
// interactive use (i.e. when an administrator is present) so
|
||||
// that errors can be reported and fixed immediately.
|
||||
func (cfg *Config) ManageSync(domainNames []string) error {
|
||||
return cfg.manageAll(context.Background(), domainNames, false)
|
||||
func (cfg *Config) ManageSync(ctx context.Context, domainNames []string) error {
|
||||
return cfg.manageAll(ctx, domainNames, false)
|
||||
}
|
||||
|
||||
// ManageAsync is the same as ManageSync, except that ACME
|
||||
// operations are performed asynchronously (in the background).
|
||||
// This method returns before certificates are ready. It is
|
||||
// crucial that the administrator monitors the logs and is
|
||||
// notified of any errors so that corrective action can be
|
||||
// taken as soon as possible. Any errors returned from this
|
||||
// method occurred before ACME transactions started.
|
||||
//
|
||||
// As long as logs are monitored, this method is typically
|
||||
// recommended for non-interactive environments.
|
||||
//
|
||||
// If there are failures loading, obtaining, or renewing a
|
||||
// certificate, it will be retried with exponential backoff
|
||||
// for up to about 30 days, with a maximum interval of about
|
||||
// 24 hours. Cancelling ctx will cancel retries and shut down
|
||||
// any goroutines spawned by ManageAsync.
|
||||
func (cfg *Config) ManageAsync(ctx context.Context, domainNames []string) error {
|
||||
return cfg.manageAll(ctx, domainNames, true)
|
||||
}
|
||||
|
||||
// ClientCredentials returns a list of TLS client certificate chains for the given identifiers.
|
||||
|
@ -274,26 +294,6 @@ func (cfg *Config) ClientCredentials(ctx context.Context, identifiers []string)
|
|||
return chains, nil
|
||||
}
|
||||
|
||||
// ManageAsync is the same as ManageSync, except that ACME
|
||||
// operations are performed asynchronously (in the background).
|
||||
// This method returns before certificates are ready. It is
|
||||
// crucial that the administrator monitors the logs and is
|
||||
// notified of any errors so that corrective action can be
|
||||
// taken as soon as possible. Any errors returned from this
|
||||
// method occurred before ACME transactions started.
|
||||
//
|
||||
// As long as logs are monitored, this method is typically
|
||||
// recommended for non-interactive environments.
|
||||
//
|
||||
// If there are failures loading, obtaining, or renewing a
|
||||
// certificate, it will be retried with exponential backoff
|
||||
// for up to about 30 days, with a maximum interval of about
|
||||
// 24 hours. Cancelling ctx will cancel retries and shut down
|
||||
// any goroutines spawned by ManageAsync.
|
||||
func (cfg *Config) ManageAsync(ctx context.Context, domainNames []string) error {
|
||||
return cfg.manageAll(ctx, domainNames, true)
|
||||
}
|
||||
|
||||
func (cfg *Config) manageAll(ctx context.Context, domainNames []string, async bool) error {
|
||||
if ctx == nil {
|
||||
ctx = context.Background()
|
||||
|
@ -863,20 +863,28 @@ func (cfg *Config) RevokeCert(ctx context.Context, domain string, reason int, in
|
|||
return nil
|
||||
}
|
||||
|
||||
// TLSConfig is an opinionated method that returns a
|
||||
// recommended, modern TLS configuration that can be
|
||||
// used to configure TLS listeners, which also supports
|
||||
// the TLS-ALPN challenge and serves up certificates
|
||||
// managed by cfg.
|
||||
// TLSConfig is an opinionated method that returns a recommended, modern
|
||||
// TLS configuration that can be used to configure TLS listeners. Aside
|
||||
// from safe, modern defaults, this method sets two critical fields on the
|
||||
// TLS config which are required to enable automatic certificate
|
||||
// management: GetCertificate and NextProtos.
|
||||
//
|
||||
// Unlike the package TLS() function, this method does
|
||||
// not, by itself, enable certificate management for
|
||||
// any domain names.
|
||||
// The GetCertificate field is necessary to get certificates from memory
|
||||
// or storage, including both manual and automated certificates. You
|
||||
// should only change this field if you know what you are doing.
|
||||
//
|
||||
// Feel free to further customize the returned tls.Config,
|
||||
// but do not mess with the GetCertificate or NextProtos
|
||||
// fields unless you know what you're doing, as they're
|
||||
// necessary to solve the TLS-ALPN challenge.
|
||||
// The NextProtos field is pre-populated with a special value to enable
|
||||
// solving the TLS-ALPN ACME challenge. Because this method does not
|
||||
// assume any particular protocols after the TLS handshake is completed,
|
||||
// you will likely need to customize the NextProtos field by prepending
|
||||
// your application's protocols to the slice. For example, to serve
|
||||
// HTTP, you will need to prepend "h2" and "http/1.1" values. Be sure to
|
||||
// leave the acmez.ACMETLS1Protocol value intact, however, or TLS-ALPN
|
||||
// challenges will fail (which may be acceptable if you are not using
|
||||
// ACME, or specifically, the TLS-ALPN challenge).
|
||||
//
|
||||
// Unlike the package TLS() function, this method does not, by itself,
|
||||
// enable certificate management for any domain names.
|
||||
func (cfg *Config) TLSConfig() *tls.Config {
|
||||
return &tls.Config{
|
||||
// these two fields necessary for TLS-ALPN challenge
|
||||
|
|