diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2021-01-07 15:52:58 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2021-01-07 15:52:58 -0700 |
commit | 09432ba64d3931206181c895c845116db8d7e877 (patch) | |
tree | de933878ba370ee74a13c79103c3cc4aa666e9d8 /caddyconfig/httpcaddyfile/options.go | |
parent | ef5448324948537bb4ce798567d79d0612d41220 (diff) |
caddytls: Configurable OCSP stapling; global option (closes #3714)
Allows user to disable OCSP stapling (including support in the Caddyfile via the ocsp_stapling global option) or overriding responder URLs. Useful in environments where responders are not reachable due to firewalls.
Diffstat (limited to 'caddyconfig/httpcaddyfile/options.go')
-rw-r--r-- | caddyconfig/httpcaddyfile/options.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 119295b..54672a6 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -43,6 +43,7 @@ func init() { RegisterGlobalOption("key_type", parseOptSingleString) RegisterGlobalOption("auto_https", parseOptAutoHTTPS) RegisterGlobalOption("servers", parseServerOptions) + RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions) } func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } @@ -370,3 +371,17 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro func parseServerOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return unmarshalCaddyfileServerOptions(d) } + +func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { + d.Next() // consume option name + var val string + if !d.AllArgs(&val) { + return nil, d.ArgErr() + } + if val != "off" { + return nil, d.Errf("invalid argument '%s'", val) + } + return certmagic.OCSPConfig{ + DisableStapling: val == "off", + }, nil +} |