Version 2.3.0

andreasschulze · Mar 27, 2024 · 7f1eee1 · 7f1eee1
1 parent d0c1480
commit 7f1eee1
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 2.3.0
+
+- RFC 9116 support
+- FIX: fetching ACME certs was broken, don't use 2.2.x!
+- use go-1.22.x
+
 ## 2.2.1
 
 - updated Github workflows

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-bookworm AS builder
+FROM golang:1.22-bookworm AS builder
 
 WORKDIR /scmdhttpd/
 COPY go.mod go.sum *.go ./

diff --git a/README.md b/README.md
@@ -91,6 +91,12 @@ wenn dort das Ziel als 2. Wert hinter einem Hostnamen angegeben wird.
 
   CSS-Datei, die beim Aufruf der URL `/style.css` ausgegeben wird.
 
+- `security.txt`
+
+  "vulnerability disclosure information", die beim Aufruf der URL `/.well-known/security.txt`
+  ausgegeben wird. Die Datei sollte inhaltlich [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116.html)
+  entspechen.
+
 Werden die genannten URLs per HTTP aufgerufen, erfolgt ein
 [permanenter Redirect](https://datatracker.ietf.org/doc/html/rfc7231#section-6.4.2)
 auf die entsprechende HTTPS-URL.

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/andreasschulze/scmdhttpd
 
-go 1.21
+go 1.22
 
 require golang.org/x/crypto v0.17.0
 

diff --git a/scmdhttpd.go b/scmdhttpd.go
@@ -25,14 +25,14 @@ import (
 const (
 	certsDir       = "certs"
 	programName    = "scmdHTTPd"
-	programVersion = "2.2.1"
+	programVersion = "2.3.0"
 )
 
 var (
 	certdir      = flag.String("certificate_dir", "certificate-dir", "Directory in which to store certificates.")
 	acmeEndpoint = flag.String("acme_endpoint", "", "If set, uses a custom ACME endpoint URL. It doesn't make sense to use this with --staging.")
 	staging      = flag.Bool("staging", false, "If true, uses Let's Encrypt 'staging' environment instead of prod.")
-	datadir      = flag.String("data_dir", "/data", "Directory where vhosts.conf, index.html, robots.txt an favicon.ico are found")
+	datadir      = flag.String("data_dir", "/data", "Directory where vhosts.conf, index.html, robots.txt, security.txt and favicon.ico are found")
 	version      = flag.Bool("version", false, "print version and exit.")
 
 	// global var
@@ -182,6 +182,8 @@ func main() {
 				fallthrough
 			case "/style.css":
 				fallthrough
+			case "/.well-known/security.txt":
+				fallthrough
 			case "/":
 				if r.TLS == nil {
 					w.Header().Set("Connection", "close")
@@ -209,6 +211,8 @@ func main() {
 
 				if r.URL.Path == "/" {
 					http.ServeFile(w, r, *datadir+"/index.html")
+				} else if r.URL.Path == "/.well-known/security.txt" {
+					http.ServeFile(w, r, *datadir+"/security.txt")
 				} else {
 					http.ServeFile(w, r, *datadir+r.URL.Path)
 				}
@@ -251,7 +255,7 @@ func main() {
 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	}
 	// disable http2 and higher
-	srvTLS.TLSConfig.NextProtos = []string{"http/1.0", "http/1.1"}
+	srvTLS.TLSConfig.NextProtos = []string{"http/1.0", "http/1.1", "acme-tls/1"}
 
 	versionInfo("starting ")