a6d488a15b
go.mod: update quic-go to v0.51.0 ( #6972 )
2025-04-20 07:39:00 -06:00
0b2802faa4
build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 ( #6960 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.38.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-16 23:34:35 +00:00
137711ae3e
go.mod: Upgrade acmez and certmagic
2025-04-15 15:08:12 -06:00
9becf61a9f
go.mod: Upgrade to libdns 1.0 beta APIs (requires upgraded DNS providers)
...
This is the only way we can properly, reliably support ECH.
2025-04-07 12:43:11 -06:00
7672b7848f
go.mod: Upgrade CertMagic
...
Hotfix for wildcard certs (regression in beta 3)
2025-03-24 20:51:05 -06:00
86c620fb4e
go.mod: Minor dependency upgrades
2025-03-24 16:16:11 -06:00
7b1f00c330
update quic-go to v0.50.1 ( #6918 )
2025-03-21 07:33:49 -06:00
1641e76fd7
go.mod: Upgrade dependencies
2025-03-06 09:52:02 -07:00
3644ee31ca
build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 ( #6876 )
...
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 17:11:11 -07:00
d7764dfdbb
caddytls: Encrypted ClientHello (ECH) ( #6862 )
...
* caddytls: Initial commit of Encrypted ClientHello (ECH)
* WIP Caddyfile
* Fill out Caddyfile support
* Enhance godoc comments
* Augment, don't overwrite, HTTPS records
* WIP
* WIP: publication history
* Fix republication logic
* Apply global DNS module to ACME challenges
This allows DNS challenges to be enabled without locally-configured DNS modules
* Ignore false positive from prealloc linter
* ci: Use only latest Go version (1.24 currently)
We no longer support older Go versions, for security benefits.
* Remove old commented code
Static ECH keys for now
* Implement SendAsRetry
2025-03-05 17:04:10 -07:00
eacd7720e9
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 ( #6871 )
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 14:02:16 -07:00
02e348f911
chore: upgrade cobra ( #6868 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-03-03 13:49:17 -07:00
fd4de7e0ae
chore: update quic-go to v0.50.0 ( #6854 )
2025-02-20 12:45:52 +03:00
0d7c63920d
go.mod: remove glog dependency ( #6838 )
...
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-02-17 15:08:39 +00:00
172136a0a0
caddytls: Support post-quantum key exchange mechanism X25519MLKEM768
...
Also bump minimum Go version to 1.24.
2025-02-11 22:43:54 -07:00
9996d6a70b
build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 ( #6814 )
...
Bumps [github.com/golang/glog](https://github.com/golang/glog ) from 1.2.2 to 1.2.4.
- [Release notes](https://github.com/golang/glog/releases )
- [Commits](https://github.com/golang/glog/compare/v1.2.2...v1.2.4 )
---
updated-dependencies:
- dependency-name: github.com/golang/glog
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 17:25:11 -07:00
066d770409
cmd: automatically set GOMEMLIMIT ( #6809 )
...
* feat: automatically set GOMEMLIMIT
* add system support
* comments
* add logs
2025-01-27 09:32:24 -07:00
8d748bee71
chore: update quic-go to v0.49.0 ( #6803 )
2025-01-23 23:07:19 -05:00
99073eaa33
go.mod: Upgrade CertMagic to v0.21.7
...
Fixes rare edge case panics related to ARI
2025-01-17 06:54:58 -07:00
2c4295ee48
caddytls: Initial support for ACME profiles
...
Still very experimental; only deployed to LE staging so far.
2025-01-09 13:57:00 -07:00
0e570e0cc7
go.mod: UPgrade CertMagic to 0.21.6 (fix ARI handshake maintenance)
2025-01-08 07:43:27 -07:00
3f3f8b3d52
go.mod: Upgrade CertMagic to v0.21.5
2024-12-30 10:51:55 -07:00
ed1c594cdb
go.mod: Upgrade ACMEz to v3; and upgrade CertMagic
2024-12-19 12:17:07 -07:00
a1751adb40
chore: bump golang.org/x/net to v0.32.0 ( #6728 )
2024-12-05 09:28:07 -05:00
22b9d51268
go.mod: Upgrade quic-go to 0.48.2
2024-11-26 10:47:55 -07:00
da88ec152c
go.mod: Update certmagic
2024-11-05 11:03:54 -07:00
91e34139a1
go.mod: upgrade only some otel deps ( #6676 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-11-04 19:10:05 -05:00
a3481f871b
Fix tests
2024-11-04 16:04:10 -07:00
00f948c605
go.mod: Update dependencies
2024-11-04 14:53:10 -07:00
4457afc170
chore: Bump quic-go to 0.48.1, fixing a panic ( #6654 )
2024-10-22 19:29:46 +00:00
a211c656f1
chore: update quic-go to v0.48.0 ( #6627 )
2024-10-15 09:38:10 -04:00
2ae58ac13e
go.mod: Upgrade some dependencies
2024-10-02 16:00:48 -06:00
792f1c7ed7
caddyhttp: Escaping placeholders in CEL, add `vars` and `vars_regexp` ( #6594 )
...
* caddyhttp: Escaping placeholders in CEL
* Simplify some of the test cases
* Implement vars and vars_regexp in CEL
* dupl lint is dumb
* Better consts for the placeholder CEL shortcut
* Bump CEL version, register a few extensions
* Refactor s390x test script for readability
* Add retries for s390x to smooth over flakiness
* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
2024-10-02 06:34:04 -06:00
ff67b97126
caddyhttp: enable qlog, controlled by QLOGDIR env ( #6581 )
2024-09-21 05:47:18 +02:00
5b44d6cea8
update quic-go to v0.47.0 ( #6582 )
2024-09-20 17:00:13 -04:00
2028da4e74
ci: build and test with Go 1.23 ( #6526 )
...
* chore: build and test with Go 1.23
* ci: bump golangci-lint to v1.60
* fix: make properly wrap errors
* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
52bad45181
go.mod: update update golang/x/net ( #6500 )
2024-08-08 01:52:50 +00:00
a8b0dfa8da
go.mod: update quic-go package ( #6498 )
2024-08-06 22:08:32 -06:00
840094ac65
proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol ( #6485 )
...
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support
* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
2024-08-03 19:51:50 +03:00
04fb9fe87f
go.mod: update tscert package ( #6384 )
...
The latest tscert allows callers to provide a custom http.Transport for
calling Tailscale's local API.
Updates tailscale/caddy-tailscale#66
2024-06-10 07:28:30 -06:00
b7280e6949
caddytls: Implement certmagic.RenewalInfoGetter
...
Fixes ARI errors reported here:
https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
2024-06-01 18:02:49 -06:00
d79c0f0dec
go.mod: Upgrade dependencies
2024-05-20 10:35:27 -06:00
e66040a6f0
caddytls: set server name in context ( #6324 )
...
Set the requested server name in a context value for CertGetter
implementations to use. Pass ctx to tscert.GetCertificateWithContext.
Signed-off-by: Will Norris <will@tailscale.com>
2024-05-18 03:52:19 -06:00
44860482d2
chore: downgrade minimum Go version in go.mod ( #6318 )
...
* chore: downgrade minimum Go version in go.mod
* Upgrade certmagic and zerossl
---------
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-05-15 19:28:34 +00:00
abdf1ae15c
go.mod: go 1.22.3
...
Seeing if this assists with some Go tooling logic
2024-05-10 08:32:44 -06:00
dd203ad41f
go.mod: CertMagic v0.21.0
2024-05-07 10:17:10 -06:00
b52271061d
go.mod: Upgrade to quic-go v0.43.1
2024-05-06 20:15:43 -06:00
d129ae6aec
caddytls: Evict internal certs from cache based on issuer ( #6266 )
...
* caddytls: Evict internal certs from cache based on issuer
During a config reload, we would keep certs in the cache fi they were used by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs.
This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.
* Make sure new TLS app manages configured certs
* Actually make it work
2024-04-30 16:15:54 -06:00
a46ff50a1c
go.mod: Upgrade to quic-go v0.43.0
2024-04-27 12:01:30 -06:00
76c4cf5a56
caddytls: Option to configure certificate lifetime ( #6253 )
...
* Add option to configure certificate lifetime
* Bump CertMagic dep to latest master commit
* Apply suggestions and ran go mod tidy
* Update modules/caddytls/acmeissuer.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-24 14:35:14 -06:00
Marten Seemann
dependabot[bot]
Matthew Holt
Mohammed Al Sahaf
Ns2Kracy
Kévin Dunglas
WeidiDeng
Francis Lavoie
Prakhar Awasthi
Will Norris
clauverjat