Make it possible to configure the DisableStorageCheck setting for certmagic (#6368)

See discussion about this setting in https://github.com/caddyserver/certmagic/issues/201
Andreas Kohn 2024-06-04 15:00:15 +02:00 committed by GitHub
parent 7088605cc1
commit e7ecc7ede2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -81,6 +81,16 @@ type TLS struct {
// EXPERIMENTAL. Subject to change. // EXPERIMENTAL. Subject to change.
DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"` DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"`
// Disables checks in certmagic that the configured storage is ready
// and able to handle writing new content to it. These checks are
// intended to prevent information loss (newly issued certificates), but
// can be expensive on the storage.
//
// Disabling these checks should only be done when the storage
// can be trusted to have enough capacity and no other problems.
// EXPERIMENTAL. Subject to change.
DisableStorageCheck bool `json:"disable_storage_check,omitempty"`
certificateLoaders []CertificateLoader certificateLoaders []CertificateLoader
automateNames []string automateNames []string
ctx caddy.Context ctx caddy.Context
@ -255,6 +265,7 @@ func (t *TLS) Provision(ctx caddy.Context) error {
OCSP: certmagic.OCSPConfig{ OCSP: certmagic.OCSPConfig{
DisableStapling: t.DisableOCSPStapling, DisableStapling: t.DisableOCSPStapling,
}, },
DisableStorageCheck: t.DisableStorageCheck,
}) })
certCacheMu.RUnlock() certCacheMu.RUnlock()
for _, loader := range t.certificateLoaders { for _, loader := range t.certificateLoaders {
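Review bot: The doc comment on `DisableStorageCheck` in the `TLS` struct names the risk (loss of newly issued certificates) but not what an operator would observe when it happens, which makes it hard to judge when disabling the check is safe. Consider adding a sentence such as `// If the storage then fails on write, an issued certificate may not be persisted and may have to be requested again, which can count against CA rate limits.` Separately, the second hunk sets the field on the one `certmagic.Config` literal visible in `Provision`; if the package builds other `certmagic.Config` values elsewhere (not visible here), it is worth confirming they receive the setting too, otherwise the option may only partly take effect. Both the struct and `Provision` continue outside the hunks shown.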