serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-27 22:23:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

httpcaddyfile: Disabling OCSP stapling for both managed and unmanaged (#4589)

Browse source
This commit is contained in:
Francis Lavoie 2022-02-19 16:20:38 -05:00 committed by GitHub
parent ff137d17d0
commit 26d633baf8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
caddyconfig/httpcaddyfile/tlsapp.go
View file

@ -301,6 +301,11 @@ func (st ServerType) buildTLSApp(
tlsApp.Automation.RenewCheckInterval = renewCheckInterval tlsApp.Automation.RenewCheckInterval = renewCheckInterval
} }
// set whether OCSP stapling should be disabled for manually-managed certificates
if ocspConfig, ok := options["ocsp_stapling"].(certmagic.OCSPConfig); ok {
tlsApp.DisableOCSPStapling = ocspConfig.DisableStapling
}
// if any hostnames appear on the same server block as a key with // if any hostnames appear on the same server block as a key with
// no host, they will not be used with route matchers because the // no host, they will not be used with route matchers because the
// hostless key matches all hosts, therefore, it wouldn't be // hostless key matches all hosts, therefore, it wouldn't be

7
caddytest/integration/caddyfile_adapt/global_options.txt
View file

@ -10,6 +10,7 @@
} }
acme_ca https://example.com acme_ca https://example.com
acme_ca_root /path/to/ca.crt acme_ca_root /path/to/ca.crt
ocsp_stapling off
email test@example.com email test@example.com
admin off admin off
@ -61,7 +62,8 @@
"module": "internal" "module": "internal"
} }
], ],
"key_type": "ed25519" "key_type": "ed25519",
"disable_ocsp_stapling": true
} }
], ],
"on_demand": { "on_demand": {
@ -71,7 +73,8 @@
}, },
"ask": "https://example.com" "ask": "https://example.com"
} }
} },
"disable_ocsp_stapling": true
} }
} }
} }