serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-28 06:33:47 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

caddytls: Disable OCSP stapling for manual certs (#4064)

Browse source
This commit is contained in:
Matthew Holt 2021-04-12 16:09:02 -06:00
parent 42b7134ffa
commit 2250920e1d
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
modules/caddytls/tls.go
View file

@ -56,6 +56,16 @@ type TLS struct {
// Configures the in-memory certificate cache. // Configures the in-memory certificate cache.
Cache *CertCacheOptions `json:"cache,omitempty"` Cache *CertCacheOptions `json:"cache,omitempty"`
// Disables OCSP stapling for manually-managed certificates only.
// To configure OCSP stapling for automated certificates, use an
// automation policy instead.
//
// Disabling OCSP stapling puts clients at greater risk, reduces their
// privacy, and usually lowers client performance. It is NOT recommended
// to disable this unless you are able to justify the costs.
// EXPERIMENTAL. Subject to change.
DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"`
certificateLoaders []CertificateLoader certificateLoaders []CertificateLoader
automateNames []string automateNames []string
certCache *certmagic.Cache certCache *certmagic.Cache
@ -173,6 +183,9 @@ func (t *TLS) Provision(ctx caddy.Context) error {
magic := certmagic.New(t.certCache, certmagic.Config{ magic := certmagic.New(t.certCache, certmagic.Config{
Storage: ctx.Storage(), Storage: ctx.Storage(),
Logger: t.logger, Logger: t.logger,
OCSP: certmagic.OCSPConfig{
DisableStapling: t.DisableOCSPStapling,
},
}) })
for _, loader := range t.certificateLoaders { for _, loader := range t.certificateLoaders {
certs, err := loader.LoadCertificates() certs, err := loader.LoadCertificates()