From 91465d8e6f33af94655abe50be0e38aae9db667c Mon Sep 17 00:00:00 2001
From: xenolf <xenolf@users.noreply.github.com>
Date: Sat, 24 Oct 2015 04:36:54 +0200
Subject: [PATCH] Support for OCSP Stapling. Fixes #280

---
 config/letsencrypt/letsencrypt.go | 3 +++
 server/config.go                  | 1 +
 server/server.go                  | 1 +
 3 files changed, 5 insertions(+)

diff --git a/config/letsencrypt/letsencrypt.go b/config/letsencrypt/letsencrypt.go
index 876691ae2..083daa34b 100644
--- a/config/letsencrypt/letsencrypt.go
+++ b/config/letsencrypt/letsencrypt.go
@@ -232,6 +232,9 @@ func saveCertsAndKeys(certificates []acme.CertificateResource) error {
 // autoConfigure enables TLS on cfg and appends, if necessary, a new config
 // to allConfigs that redirects plaintext HTTP to its new HTTPS counterpart.
 func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config {
+	bundleBytes, _ := ioutil.ReadFile(storage.SiteCertFile(cfg.Host))
+	ocsp, _ := acme.GetOCSPForCert(bundleBytes)
+	cfg.TLS.OCSPStaple = ocsp
 	cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host)
 	cfg.TLS.Key = storage.SiteKeyFile(cfg.Host)
 	cfg.TLS.Enabled = true
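Review bot: Both errors in the lines added to autoConfigure are discarded (`bundleBytes, _ :=` and `ocsp, _ :=`), so an unreadable certificate bundle or an unreachable OCSP responder silently leaves the site without a staple and the operator gets no signal. Treating stapling as best-effort is reasonable, but the failure should be reported and OCSPStaple assigned only on success, as sketched below. The staple is also fetched once here and, as far as this patch shows, never refreshed, so a long-running server would keep serving the same response past its validity window; a refresh tied to the response's next-update time is worth a follow-up. autoConfigure's body continues outside the hunk.

```go
func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config {
	// Stapling is best-effort: leave OCSPStaple nil on failure, but do not hide why.
	bundleBytes, err := ioutil.ReadFile(storage.SiteCertFile(cfg.Host))
	if err == nil {
		var staple []byte
		if staple, err = acme.GetOCSPForCert(bundleBytes); err == nil {
			cfg.TLS.OCSPStaple = staple
		}
	}
	if err != nil {
		// report err for cfg.Host through the logging this package already uses
	}
	// … unchanged: Certificate, Key and Enabled assignments …
```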
diff --git a/server/config.go b/server/config.go
index dedd7ba37..a3bb5f50d 100644
--- a/server/config.go
+++ b/server/config.go
@@ -56,6 +56,7 @@ type TLSConfig struct {
 	Certificate              string
 	Key                      string
 	LetsEncryptEmail         string
+	OCSPStaple               []byte
 	Ciphers                  []uint16
 	ProtocolMinVersion       uint16
 	ProtocolMaxVersion       uint16
diff --git a/server/server.go b/server/server.go
index 24aa92eb5..a3c4f92dc 100644
--- a/server/server.go
+++ b/server/server.go
@@ -162,6 +162,7 @@ func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error {
 	config.Certificates = make([]tls.Certificate, len(tlsConfigs))
 	for i, tlsConfig := range tlsConfigs {
 		config.Certificates[i], err = tls.LoadX509KeyPair(tlsConfig.Certificate, tlsConfig.Key)
+		config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple
 		if err != nil {
 			return err
 		}
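Review bot: The added `config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple` sits between the tls.LoadX509KeyPair call and its `if err != nil` check, so on a load failure it writes into a zero-value certificate just before the function returns; moving the assignment below the error check keeps the error handling adjacent to the call that produced it. The bytes are also copied through without any check that they belong to the certificate just loaded or are still current, and crypto/tls serves OCSPStaple to clients as given, so a one-line comment such as `// OCSPStaple is served as-is; the caller must supply a current response for this certificate` would make that contract explicit. ListenAndServeTLSWithSNI starts and ends outside the hunk.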