Diffstat (limited to 'modules/caddytls')
-rw-r--r--modules/caddytls/automation.go23
1 files changed, 20 insertions, 3 deletions
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 509ad6e..ed29e06 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -107,6 +107,19 @@ type AutomationPolicy struct {
// load.
OnDemand bool `json:"on_demand,omitempty"`
+ // Disables OCSP stapling. Disabling OCSP stapling puts clients at
+ // greater risk, reduces their privacy, and usually lowers client
+ // performance. It is NOT recommended to disable this unless you
+ // are able to justify the costs.
+ // EXPERIMENTAL. Subject to change.
+ DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"`
+
+ // Overrides the URLs of OCSP responders embedded in certificates.
+ // Each key is a OCSP server URL to override, and its value is the
+ // replacement. An empty value will disable querying of that server.
+ // EXPERIMENTAL. Subject to change.
+ OCSPOverrides map[string]string `json:"ocsp_overrides,omitempty"`
+
// Issuers stores the decoded issuer parameters. This is only
// used to populate an underlying certmagic.Config's Issuers
// field; it is not referenced thereafter.
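Review bot: The DisableOCSPStapling doc comment omits the one case where turning stapling off is a hard failure rather than a privacy/performance cost: certificates carrying the TLS Feature (Must-Staple, RFC 7633) extension are rejected by conforming clients when no stapled response is sent, so a sentence such as `// Certificates with the Must-Staple extension will fail client validation if stapling is disabled.` belongs here. In the OCSPOverrides comment, `Each key is a OCSP server URL` should read `an OCSP server URL`, and it should say that an override value is expected to be a full responder URL, since the second hunk hands the map to certmagic unchanged and nothing visible in Provision validates that a value parses as a URL (a malformed value would presumably surface only at OCSP fetch time). Because ap.OCSPOverrides is stored by reference in the certmagic.OCSPConfig, the comment could also state that the map must not be mutated after the policy is provisioned. The AutomationPolicy struct continues outside this hunk.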
@@ -205,9 +218,13 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
RenewalWindowRatio: ap.RenewalWindowRatio,
KeySource: keySource,
OnDemand: ond,
- Storage: storage,
- Issuers: issuers,
- Logger: tlsApp.logger,
+ OCSP: certmagic.OCSPConfig{
+ DisableStapling: ap.DisableOCSPStapling,
+ ResponderOverrides: ap.OCSPOverrides,
+ },
+ Storage: storage,
+ Issuers: issuers,
+ Logger: tlsApp.logger,
}
ap.magic = certmagic.New(tlsApp.certCache, template)