author | Francis Lavoie <lavofr@gmail.com> | 2022-02-19 16:20:38 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-19 14:20:38 -0700 |
commit | 26d633baf83994e79d2961fa9f5b37ef5b0ab800 (patch) | |
tree | 3214fd1eba54ca6c2a77433ef95551f3bf5283b7 | |
parent | ff137d17d008b827d32876310e1179ec5003fef7 (diff) |
httpcaddyfile: Disabling OCSP stapling for both managed and unmanaged (#4589)
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 5 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/global_options.txt | 7 |
2 files changed, 10 insertions, 2 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 48506d8..daaec95 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -301,6 +301,11 @@ func (st ServerType) buildTLSApp(
 tlsApp.Automation.RenewCheckInterval = renewCheckInterval
 }
+ // set whether OCSP stapling should be disabled for manually-managed certificates
+ if ocspConfig, ok := options["ocsp_stapling"].(certmagic.OCSPConfig); ok {
+ tlsApp.DisableOCSPStapling = ocspConfig.DisableStapling
+ }
+
 // if any hostnames appear on the same server block as a key with
 // no host, they will not be used with route matchers because the
 // hostless key matches all hosts, therefore, it wouldn't be
diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt
index dda644b..69e2d9d 100644
--- a/caddytest/integration/caddyfile_adapt/global_options.txt
+++ b/caddytest/integration/caddyfile_adapt/global_options.txt
@@ -10,6 +10,7 @@
 }
 acme_ca https://example.com
 acme_ca_root /path/to/ca.crt
+ ocsp_stapling off
 email test@example.com
 admin off
@@ -61,7 +62,8 @@
 "module": "internal"
 }
 ],
- "key_type": "ed25519"
+ "key_type": "ed25519",
+ "disable_ocsp_stapling": true
 }
 ],
 "on_demand": {
@@ -71,7 +73,8 @@
 },
 "ask": "https://example.com"
 }
- }
+ },
+ "disable_ocsp_stapling": true
 }
 }
 } |
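Review bot: The comment above the new `if ocspConfig, ok := ...` in buildTLSApp says what is set, but not why the app-level flag is needed next to the per-policy one, nor what an operator gives up by setting it. Judging by the commit title and the adapted JSON in the fixture, the policy-level `disable_ocsp_stapling` covers managed certificates only, so the comment could read `// also apply the global ocsp_stapling option at the TLS app level so that manually-loaded certificates follow it;` followed by `// with stapling off the handshake carries no revocation status, and Must-Staple certificates can be rejected by clients`. Only `DisableStapling` is copied from the `certmagic.OCSPConfig` value; if other fields of that struct are ever populated by the Caddyfile option, they would not reach unmanaged certificates through this path, which is worth confirming. buildTLSApp starts and ends outside the hunk.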