fix application bug

2019-05-13 11:19:18 +08:00
parent 996d6fe4c5
commit 5462f51e65
717 changed files with 87703 additions and 53426 deletions
--- a/vendor/github.com/mholt/caddy/caddytls/config.go
+++ b/vendor/github.com/mholt/caddy/caddytls/config.go
@@ -21,13 +21,14 @@ import (
 	"io/ioutil"
 	"os"
 	"sync/atomic"
+	"time"

-	"github.com/xenolf/lego/challenge/tlsalpn01"
+	"github.com/go-acme/lego/challenge/tlsalpn01"

+	"github.com/go-acme/lego/certcrypto"
 	"github.com/klauspost/cpuid"
 	"github.com/mholt/caddy"
 	"github.com/mholt/certmagic"
-	"github.com/xenolf/lego/certcrypto"
 )

 // Config describes how TLS should be configured and used.
@@ -117,22 +118,48 @@ func NewConfig(inst *caddy.Instance) (*Config, error) {
 				if err != nil {
 					return nil, fmt.Errorf("constructing cluster plugin %s: %v", clusterPluginName, err)
 				}
-				certmagic.DefaultStorage = storage
+				certmagic.Default.Storage = storage
 			} else {
 				return nil, fmt.Errorf("unrecognized cluster plugin (was it included in the Caddy build?): %s", clusterPluginName)
 			}
 		}
-		certCache = certmagic.NewCache(certmagic.DefaultStorage)
+		certCache = certmagic.NewCache(certmagic.CacheOptions{
+			GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) {
+				inst.StorageMu.Lock()
+				cfgMap, ok := inst.Storage[configMapKey].(map[string]*Config)
+				inst.StorageMu.Unlock()
+				if ok {
+					for hostname, cfg := range cfgMap {
+						if cfg.Manager != nil && hostname == cert.Names[0] {
+							return *cfg.Manager, nil
+						}
+					}
+				}
+				// returning Default not strictly necessary, since Default is used as template
+				// anyway; but this makes it clear that that's what we fall back to
+				return certmagic.Default, nil
+			},
+		})
+		storageCleaningTicker := time.NewTicker(12 * time.Hour)
+		go func() {
+			for range storageCleaningTicker.C {
+				certmagic.CleanStorage(certmagic.Default.Storage, certmagic.CleanStorageOptions{
+					OCSPStaples: true,
+				})
+			}
+		}()
 		inst.OnShutdown = append(inst.OnShutdown, func() error {
 			certCache.Stop()
+			storageCleaningTicker.Stop()
 			return nil
 		})
+
 		inst.StorageMu.Lock()
 		inst.Storage[CertCacheInstStorageKey] = certCache
 		inst.StorageMu.Unlock()
 	}
 	return &Config{
-		Manager: certmagic.NewWithCache(certCache, certmagic.Config{}),
+		Manager: certmagic.New(certCache, certmagic.Config{}),
 	}, nil
 }

@@ -418,7 +445,6 @@ func SetDefaultTLSParams(config *Config) {
 var supportedKeyTypes = map[string]certcrypto.KeyType{
 	"P384":    certcrypto.EC384,
 	"P256":    certcrypto.EC256,
-	"RSA8192": certcrypto.RSA8192,
 	"RSA4096": certcrypto.RSA4096,
 	"RSA2048": certcrypto.RSA2048,
 }
--- a/vendor/github.com/mholt/caddy/caddytls/handshake.go
+++ b/vendor/github.com/mholt/caddy/caddytls/handshake.go
@@ -42,7 +42,7 @@ type configGroup map[string]*Config
 func (cg configGroup) getConfig(hello *tls.ClientHelloInfo) *Config {
 	name := certmagic.NormalizedName(hello.ServerName)
 	if name == "" {
-		name = certmagic.NormalizedName(certmagic.DefaultServerName)
+		name = certmagic.NormalizedName(certmagic.Default.DefaultServerName)
 	}

 	// if SNI is empty, prefer matching IP address (it is
--- a/vendor/github.com/mholt/caddy/caddytls/selfsigned.go
+++ b/vendor/github.com/mholt/caddy/caddytls/selfsigned.go
@@ -14,7 +14,7 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/certcrypto"
+	"github.com/go-acme/lego/certcrypto"
 )

 // newSelfSignedCertificate returns a new self-signed certificate.
--- a/vendor/github.com/mholt/caddy/caddytls/setup.go
+++ b/vendor/github.com/mholt/caddy/caddytls/setup.go
@@ -36,7 +36,9 @@ import (
 func init() {
 	// opt-in TLS 1.3 for Go1.12
 	// TODO: remove this line when Go1.13 is released.
-	os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+	if err := os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1"); err != nil {
+		log.Println("[ERROR] failed to set environment variable: ", err)
+	}

 	caddy.RegisterPlugin("tls", caddy.Plugin{Action: setupTLS})

@@ -63,7 +65,7 @@ func setupTLS(c *caddy.Controller) error {
 			if err != nil {
 				return fmt.Errorf("constructing cluster plugin %s: %v", clusterPluginName, err)
 			}
-			certmagic.DefaultStorage = storage
+			certmagic.Default.Storage = storage
 		} else {
 			return fmt.Errorf("unrecognized cluster plugin (was it included in the Caddy build?): %s", clusterPluginName)
 		}
@@ -363,6 +365,14 @@ func setupTLS(c *caddy.Controller) error {
 		telemetry.Increment("tls_self_signed_count")
 	}

+	// store this as a custom config
+	cfgMap, ok := c.Get(configMapKey).(map[string]*Config)
+	if !ok || cfgMap == nil {
+		cfgMap = make(map[string]*Config)
+	}
+	cfgMap[config.Hostname] = config
+	c.Set(configMapKey, cfgMap)
+
 	return nil
 }

@@ -401,26 +411,34 @@ func loadCertsInDir(cfg *Config, c *caddy.Controller, dir string) error {

 				if derBlock.Type == "CERTIFICATE" {
 					// Re-encode certificate as PEM, appending to certificate chain
-					pem.Encode(certBuilder, derBlock)
+					if err := pem.Encode(certBuilder, derBlock); err != nil {
+						log.Println("[ERROR] failed to write PEM encoding: ", err)
+					}
 				} else if derBlock.Type == "EC PARAMETERS" {
 					// EC keys generated from openssl can be composed of two blocks:
 					// parameters and key (parameter block should come first)
 					if !foundKey {
 						// Encode parameters
-						pem.Encode(keyBuilder, derBlock)
+						if err := pem.Encode(keyBuilder, derBlock); err != nil {
+							log.Println("[ERROR] failed to write PEM encoding: ", err)
+						}

 						// Key must immediately follow
 						derBlock, bundle = pem.Decode(bundle)
 						if derBlock == nil || derBlock.Type != "EC PRIVATE KEY" {
 							return c.Errf("%s: expected elliptic private key to immediately follow EC parameters", path)
 						}
-						pem.Encode(keyBuilder, derBlock)
+						if err := pem.Encode(keyBuilder, derBlock); err != nil {
+							log.Println("[ERROR] failed to write PEM encoding: ", err)
+						}
 						foundKey = true
 					}
 				} else if derBlock.Type == "PRIVATE KEY" || strings.HasSuffix(derBlock.Type, " PRIVATE KEY") {
 					// RSA key
 					if !foundKey {
-						pem.Encode(keyBuilder, derBlock)
+						if err := pem.Encode(keyBuilder, derBlock); err != nil {
+							log.Println("[ERROR] failed to write PEM encoding: ", err)
+						}
 						foundKey = true
 					}
 				} else {
@@ -449,3 +467,5 @@ func loadCertsInDir(cfg *Config, c *caddy.Controller, dir string) error {
 func constructDefaultClusterPlugin() (certmagic.Storage, error) {
 	return &certmagic.FileStorage{Path: caddy.AssetsPath()}, nil
 }
+
+const configMapKey = "tls_custom_configs"
--- a/vendor/github.com/mholt/caddy/caddytls/tls.go
+++ b/vendor/github.com/mholt/caddy/caddytls/tls.go
@@ -29,9 +29,9 @@
 package caddytls

 import (
+	"github.com/go-acme/lego/challenge"
 	"github.com/mholt/caddy"
 	"github.com/mholt/certmagic"
-	"github.com/xenolf/lego/challenge"
 )

 // ConfigHolder is any type that has a Config; it presumably is
@@ -93,7 +93,7 @@ var KnownACMECAs = []string{
 //
 // challenge.Provider is an interface that allows the implementation of custom
 // challenge providers. For more details, see:
-// https://godoc.org/github.com/xenolf/lego/acme#ChallengeProvider
+// https://godoc.org/github.com/go-acme/lego/acme#ChallengeProvider
 type ChallengeProvider challenge.Provider

 // DNSProviderConstructor is a function that takes credentials and