mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-24 23:39:19 -04:00 
			
		
		
		
	Support for OCSP Stapling. Fixes #280
		
							parent
							
								
									f8ad050dda
								
							
						
					
					
						commit
						91465d8e6f
					
				| @ -232,6 +232,9 @@ func saveCertsAndKeys(certificates []acme.CertificateResource) error { | |||||||
| // autoConfigure enables TLS on cfg and appends, if necessary, a new config | // autoConfigure enables TLS on cfg and appends, if necessary, a new config | ||||||
| // to allConfigs that redirects plaintext HTTP to its new HTTPS counterpart. | // to allConfigs that redirects plaintext HTTP to its new HTTPS counterpart. | ||||||
| func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config { | func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config { | ||||||
|  | 	bundleBytes, _ := ioutil.ReadFile(storage.SiteCertFile(cfg.Host)) | ||||||
|  | 	ocsp, _ := acme.GetOCSPForCert(bundleBytes) | ||||||
|  | 	cfg.TLS.OCSPStaple = ocsp | ||||||
| 	cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host) | 	cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host) | ||||||
| 	cfg.TLS.Key = storage.SiteKeyFile(cfg.Host) | 	cfg.TLS.Key = storage.SiteKeyFile(cfg.Host) | ||||||
| 	cfg.TLS.Enabled = true | 	cfg.TLS.Enabled = true | ||||||
|  | |||||||
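Review bot: The two added calls at the top of autoConfigure discard their errors (`bundleBytes, _ :=` and `ocsp, _ :=`), so an unreadable certificate bundle or a failed OCSP lookup silently leaves cfg.TLS.OCSPStaple empty, and the site then serves without a staple and with nothing in the logs to explain it. autoConfigure has no error return, so at least record the failure, for example `ocsp, err := acme.GetOCSPForCert(bundleBytes)` followed by `if err != nil { log.Printf("[WARNING] no OCSP staple for %s: %v", cfg.Host, err) }`, using whatever logger this file already has in scope. Whether GetOCSPForCert rejects a response whose status is not "good" cannot be seen from this hunk; if it does not, the status should be checked before the bytes are stored, so that a revoked or unknown response is never stapled. The function body continues past the end of the hunk.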
| @ -56,6 +56,7 @@ type TLSConfig struct { | |||||||
| 	Certificate              string | 	Certificate              string | ||||||
| 	Key                      string | 	Key                      string | ||||||
| 	LetsEncryptEmail         string | 	LetsEncryptEmail         string | ||||||
|  | 	OCSPStaple               []byte | ||||||
| 	Ciphers                  []uint16 | 	Ciphers                  []uint16 | ||||||
| 	ProtocolMinVersion       uint16 | 	ProtocolMinVersion       uint16 | ||||||
| 	ProtocolMaxVersion       uint16 | 	ProtocolMaxVersion       uint16 | ||||||
|  | |||||||
| @ -162,6 +162,7 @@ func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error { | |||||||
| 	config.Certificates = make([]tls.Certificate, len(tlsConfigs)) | 	config.Certificates = make([]tls.Certificate, len(tlsConfigs)) | ||||||
| 	for i, tlsConfig := range tlsConfigs { | 	for i, tlsConfig := range tlsConfigs { | ||||||
| 		config.Certificates[i], err = tls.LoadX509KeyPair(tlsConfig.Certificate, tlsConfig.Key) | 		config.Certificates[i], err = tls.LoadX509KeyPair(tlsConfig.Certificate, tlsConfig.Key) | ||||||
|  | 		config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			return err | 			return err | ||||||
| 		} | 		} | ||||||
|  | |||||||
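Review bot: The staple is copied into config.Certificates[i] once, when the listener is built, and nothing in this commit refreshes it afterwards. An OCSP response is only valid for a limited window, so a long-running server would keep stapling it past its next-update time, and clients that enforce stapling (must-staple certificates in particular) may then fail the handshake. A periodic refresh that swaps in a new response before the old one expires looks necessary, either here or in a follow-up. Separately, the new assignment sits between tls.LoadX509KeyPair and its `if err != nil` check; moving `config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple` below the check keeps the error handling next to the call it belongs to. The loop body continues outside the hunk.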