Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r--caddyconfig/httpcaddyfile/options.go15
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go9
2 files changed, 23 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index 119295b..54672a6 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -43,6 +43,7 @@ func init() {
RegisterGlobalOption("key_type", parseOptSingleString)
RegisterGlobalOption("auto_https", parseOptAutoHTTPS)
RegisterGlobalOption("servers", parseServerOptions)
+ RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions)
}
func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil }
@@ -370,3 +371,17 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro
func parseServerOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) {
return unmarshalCaddyfileServerOptions(d)
}
+
+func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) {
+ d.Next() // consume option name
+ var val string
+ if !d.AllArgs(&val) {
+ return nil, d.ArgErr()
+ }
+ if val != "off" {
+ return nil, d.Errf("invalid argument '%s'", val)
+ }
+ return certmagic.OCSPConfig{
+ DisableStapling: val == "off",
+ }, nil
+}
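Review bot: `parseOCSPStaplingOptions` has no doc comment, and because the only value it accepts is `off`, the option exists solely to switch off a revocation mechanism, which should be stated where it is parsed. I would add `// parseOCSPStaplingOptions parses "ocsp_stapling off", which disables OCSP stapling in the base automation policy; clients then receive no stapled revocation status.` above the function. Separately, `DisableStapling: val == "off"` is always true once the preceding check has passed, so `DisableStapling: true` says what actually happens. In the `d.Errf` call, `%q` instead of `'%s'` would quote the user-supplied token unambiguously.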
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 25b800a..10b5e7d 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -417,8 +417,9 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon
issuers, hasIssuers := options["cert_issuer"]
_, hasLocalCerts := options["local_certs"]
keyType, hasKeyType := options["key_type"]
+ ocspStapling, hasOCSPStapling := options["ocsp_stapling"]
- hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType
+ hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType || hasOCSPStapling
// if there are no global options related to automation policies
// set, then we can just return right away
@@ -444,6 +445,12 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon
ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)}
}
+ if hasOCSPStapling {
+ ocspConfig := ocspStapling.(certmagic.OCSPConfig)
+ ap.DisableOCSPStapling = ocspConfig.DisableStapling
+ ap.OCSPOverrides = ocspConfig.ResponderOverrides
+ }
+
return ap, nil
}
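Review bot: The assertion `ocspStapling.(certmagic.OCSPConfig)` inside the `hasOCSPStapling` block is unchecked, so a value of any other type stored under `ocsp_stapling` would panic during config adaptation instead of producing an error. The only parser registered in this commit returns a `certmagic.OCSPConfig`, so this is not reachable today. The comma-ok form, `ocspConfig, ok := ocspStapling.(certmagic.OCSPConfig)` with an error return on `!ok`, keeps it safe if the parser's return type ever changes. Note also that the parser shown here never sets `ResponderOverrides`, so `ap.OCSPOverrides` is always assigned nil for now. newBaseAutomationPolicy begins outside the hunk, so the exact error return depends on its signature.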