* packet_conn_wrappers: Initial changes
* packet_conn_wrappers: Unwrap a packet conn only if there are no wrappers
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* caddypki: Add support for multiple intermediates in signing chain
* Move intermediate lifetime configuration check
In #7272 a check was changed to ensure that generated intermediate
certificates would always use a lifetime that falls within the
lifetime of the root. However, when a root and intermediate(s)
are supplied, the configuration value was being used instead of
the actual lifetimes of the certificates. The check was moved to
only be performed when an intermediate is generated; not when
loaded from disk.
* Add tests for `pemDecodeCertificateChain` and `pemDecodeCertificate`
* Use `crypto.Signer` instead of `any` in appropriate places
* Use latest Smallstep packages
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* capture the buffered body once, then reset clonedReq.Body before each retry
* no copy
* keep receiver name
* set the buf to nil after extraction and only return it to pool if not nil
---------
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
* caddytls: correct documentation of `LeafFolderLoader`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* fmt...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* logging: fix multiple regexp filters on same field (fixes#7049)
* fix: add proper error handling in MultiRegexpFilter tests
* fix: resolve linter and test issues - Fix GCI import formatting issues - Fix MultiRegexpFilter input size limit test by ensuring output doesn't exceed max length after each operation - All tests now pass and linter issues resolved
* fix: update integration test for proper JSON encoding - Fix expected JSON output to use Unicode escape sequence for ampersand character - Integration tests now pass
* chore: ugh, lint fix...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
`pflag.GetStringSlice` treats commas as delimiters, which causes issues
when passing headers whose values contain commas (`X-Robots-Tag:
noindex, nofollow`). These are incorrectly split into multiple headers
and errors out:
- `X-Robots-Tag: noindex`
- ` nofollow`
Switch to `pflag.GetStringArray`, which does not split on commas[1].
Note that this changes behavior for cases where multiple headers were
provided in a single argument with commas (`--header-down "X-Foo:
Bar,X-Bar: Foo"`). Such cases will now be treated as a single header
value. If this breaking change is unacceptable, we will need a smarter
fallback mechanism.
[1] https://github.com/spf13/pflag/pull/90
* set Content-Length for precompressed files
* Update modules/caddyhttp/fileserver/staticfiles.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* use the new http.Protocols to handle h1, h2 and h2c requests
* fix lint
* keep ConnCtxKey for now
* fix handling for h2c
* check http version while reading the connection
* check if connection implements connectionStater when it should
* add comments about either h1 or h2 must be used in the listener
* fix if check
* return a net.Conn that implements connectionStater if applicable
* remove http/1.1 from alpn if h1 is disabled
* fix matching if only h1 is enabled
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* http: clean up listeners if some of the listeners fail to bind
* check for nil server due to failure to start
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
