Define a TLS section to group TLS, TLSOptions, and TLSStores.

Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-06-27 23:58:03 +02:00 · 2019-06-27 23:58:03 +02:00 · 4245096be4
commit 4245096be4
parent c9b2a07bc7
52 changed files with 717 additions and 628 deletions
--- a/integration/fixtures/https/clientca/https_1ca1config.toml
+++ b/integration/fixtures/https/clientca/https_1ca1config.toml
@ -36,16 +36,15 @@ level = "DEBUG"
      [[http.services.service2.LoadBalancer.Servers]]
        URL = "http://127.0.0.1:9020"

-[[tls]]
-  [tls.certificate]
-        certFile = "fixtures/https/snitest.com.cert"
-        keyFile = "fixtures/https/snitest.com.key"
+[[tls.certificates]]
+    certFile = "fixtures/https/snitest.com.cert"
+    keyFile = "fixtures/https/snitest.com.key"

-[[tls]]
-  [tls.certificate]
-        certFile = "fixtures/https/snitest.org.cert"
-        keyFile = "fixtures/https/snitest.org.key"
+[[tls.certificates]]
+    certFile = "fixtures/https/snitest.org.cert"
+    keyFile = "fixtures/https/snitest.org.key"

-[tlsOptions.default.ClientCA]
+[tls.options]
+  [tls.options.default.ClientCA]
    files = ["fixtures/https/clientca/ca1.crt"]
    optional = true
--- a/integration/fixtures/https/clientca/https_2ca1config.toml
+++ b/integration/fixtures/https/clientca/https_2ca1config.toml
@ -36,14 +36,14 @@ level = "DEBUG"
      [[http.services.service2.LoadBalancer.Servers]]
        URL = "http://127.0.0.1:9020"

-[[tls]]
-  [tls.certificate]
-      certFile = "fixtures/https/snitest.com.cert"
-      keyFile = "fixtures/https/snitest.com.key"
-[[tls]]
-  [tls.certificate]
-      certFile = "fixtures/https/snitest.org.cert"
-      keyFile = "fixtures/https/snitest.org.key"
+[[tls.certificates]]
+    certFile = "fixtures/https/snitest.com.cert"
+    keyFile = "fixtures/https/snitest.com.key"

-[tlsOptions.default.ClientCA]
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.org.cert"
+  keyFile = "fixtures/https/snitest.org.key"
+
+[tls.options]
+  [tls.options.default.ClientCA]
    files = ["fixtures/https/clientca/ca1and2.crt"]
--- a/integration/fixtures/https/clientca/https_2ca2config.toml
+++ b/integration/fixtures/https/clientca/https_2ca2config.toml
@ -35,16 +35,15 @@ level = "DEBUG"
      [[http.services.service2.LoadBalancer.Servers]]
        URL = "http://127.0.0.1:9020"

-[[tls]]
-  [tls.certificate]
-      certFile = "fixtures/https/snitest.com.cert"
-      keyFile = "fixtures/https/snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.com.cert"
+  keyFile = "fixtures/https/snitest.com.key"

-[[tls]]
-  [tls.certificate]
-      certFile = "fixtures/https/snitest.org.cert"
-      keyFile = "fixtures/https/snitest.org.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.org.cert"
+  keyFile = "fixtures/https/snitest.org.key"

-[tlsOptions.default.ClientCA]
+[tls.options]
+  [tls.options.default.ClientCA]
    files = ["fixtures/https/clientca/ca1.crt", "fixtures/https/clientca/ca2.crt"]
    optional = false
--- a/integration/fixtures/https/dynamic_https.toml
+++ b/integration/fixtures/https/dynamic_https.toml
@ -20,9 +20,8 @@
      [[http.services.service2.LoadBalancer.Servers]]
        url = "http://127.0.0.1:9020"

-[[tls]]
-    #  bad certificates to validate the loop on the certificate appending
-  [tls.certificate]
+#  bad certificates to validate the loop on the certificate appending
+[[tls.certificates]]
    # bad content
    certFile = """-----BEGIN CERTIFICATE-----
 MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
@ -34,8 +33,7 @@ eRG3DaVpez4DQVupZDHMgxJUYqqKynUj6GD1YiaxGROj3TYCu6e7OxyhalhCllSu
 w/X5M802XqzLjeec5zHoZDfknnAkgR9MsxZYmZPFaDyL6GOKUB8=
 -----END RSA PRIVATE KEY-----"""

-[[tls]]
-  [tls.certificate]
+[[tls.certificates]]
    certFile = """-----BEGIN CERTIFICATE-----
 MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
 BAMMC3NuaXRlc3Qub3JnMB4XDTE1MTEyMzIyMDU0NFoXDTI1MTEyMDIyMDU0NFow
--- a/integration/fixtures/https/dynamic_https_sni_default_cert.toml
+++ b/integration/fixtures/https/dynamic_https_sni_default_cert.toml
@ -31,16 +31,15 @@ level = "DEBUG"
      [[http.services.service1.LoadBalancer.Servers]]
        url = "http://127.0.0.1:9010"

-[[tls]]
-  [tls.certificate]
+[[tls.certificates]]
  certFile = "fixtures/https/wildcard.snitest.com.cert"
  keyFile = "fixtures/https/wildcard.snitest.com.key"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/www.snitest.com.cert"
-     keyFile = "fixtures/https/www.snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/www.snitest.com.cert"
+  keyFile = "fixtures/https/www.snitest.com.key"

-[tlsStores.default.DefaultCertificate]
+[tls.stores]
+  [tls.stores.default.DefaultCertificate]
    certFile = "fixtures/https/snitest.com.cert"
    keyFile = "fixtures/https/snitest.com.key"
--- a/integration/fixtures/https/https_sni.toml
+++ b/integration/fixtures/https/https_sni.toml
@ -36,12 +36,10 @@ level = "DEBUG"
      [[http.services.service2.LoadBalancer.Servers]]
        URL = "http://127.0.0.1:9020"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/snitest.com.cert"
-     keyFile = "fixtures/https/snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.com.cert"
+  keyFile = "fixtures/https/snitest.com.key"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/snitest.org.cert"
-     keyFile = "fixtures/https/snitest.org.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.org.cert"
+  keyFile = "fixtures/https/snitest.org.key"
--- a/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
+++ b/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
@ -31,11 +31,11 @@ level = "DEBUG"
      [[http.services.service1.LoadBalancer.Servers]]
        url = "http://127.0.0.1:9010"

-[[tls]]
-  [tls.certificate]
-    certFile = "fixtures/https/uppercase_wildcard.www.snitest.com.cert"
-    keyFile = "fixtures/https/uppercase_wildcard.www.snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/uppercase_wildcard.www.snitest.com.cert"
+  keyFile = "fixtures/https/uppercase_wildcard.www.snitest.com.key"

-[tlsStores.default.DefaultCertificate]
+[tls.stores]
+  [tls.stores.default.DefaultCertificate]
    certFile = "fixtures/https/wildcard.snitest.com.cert"
    keyFile = "fixtures/https/wildcard.snitest.com.key"
--- a/integration/fixtures/https/https_sni_default_cert.toml
+++ b/integration/fixtures/https/https_sni_default_cert.toml
@ -31,16 +31,15 @@ level = "DEBUG"
      [[http.services.service1.LoadBalancer.Servers]]
        url = "http://127.0.0.1:9010"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/wildcard.snitest.com.cert"
-     keyFile = "fixtures/https/wildcard.snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/wildcard.snitest.com.cert"
+  keyFile = "fixtures/https/wildcard.snitest.com.key"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/www.snitest.com.cert"
-     keyFile = "fixtures/https/www.snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/www.snitest.com.cert"
+  keyFile = "fixtures/https/www.snitest.com.key"

-[tlsStores.default.DefaultCertificate]
+[tls.stores]
+  [tls.stores.default.DefaultCertificate]
    certFile = "fixtures/https/snitest.com.cert"
    keyFile = "fixtures/https/snitest.com.key"
--- a/integration/fixtures/https/https_sni_strict.toml
+++ b/integration/fixtures/https/https_sni_strict.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
-sendAnonymousUsage = false
+  checkNewVersion = false
+  sendAnonymousUsage = false

 [log]
-level = "DEBUG"
+  level = "DEBUG"

 [entryPoints]
  [entryPoints.web-secure]
@ -26,11 +26,13 @@ level = "DEBUG"
      [[http.services.service1.LoadBalancer.Servers]]
        url = "http://127.0.0.1:9010"

-[tlsOptions.default]
+[tls.options]
+  [tls.options.default]
    sniStrict = true

-[tlsStores.default]
-    [tlsStores.default.DefaultCertificate]
-        certFile = "fixtures/https/snitest.com.cert"
-        keyFile = "fixtures/https/snitest.com.key"
+[tls.stores]
+  [tls.stores.default]
+    [tls.stores.default.DefaultCertificate]
+      certFile = "fixtures/https/snitest.com.cert"
+      keyFile = "fixtures/https/snitest.com.key"

--- a/integration/fixtures/https/https_tls_options.toml
+++ b/integration/fixtures/https/https_tls_options.toml
@ -44,18 +44,18 @@ level = "DEBUG"
      [[http.services.service2.LoadBalancer.Servers]]
        URL = "http://127.0.0.1:9020"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/snitest.com.cert"
-     keyFile = "fixtures/https/snitest.com.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.com.cert"
+  keyFile = "fixtures/https/snitest.com.key"

-[[tls]]
-  [tls.certificate]
-     certFile = "fixtures/https/snitest.org.cert"
-     keyFile = "fixtures/https/snitest.org.key"
+[[tls.certificates]]
+  certFile = "fixtures/https/snitest.org.cert"
+  keyFile = "fixtures/https/snitest.org.key"

-[tlsoptions.foo]
+[tls.options]
+
+  [tls.options.foo]
    minversion = "VersionTLS11"

-[tlsoptions.bar]
+  [tls.options.bar]
    minversion = "VersionTLS12"