Diffstat (limited to 'modules')
-rw-r--r-- | modules/caddytls/automation.go | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 509ad6e..ed29e06 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -107,6 +107,19 @@ type AutomationPolicy struct {
 	// load.
 	OnDemand bool `json:"on_demand,omitempty"`
 
+	// Disables OCSP stapling. Disabling OCSP stapling puts clients at
+	// greater risk, reduces their privacy, and usually lowers client
+	// performance. It is NOT recommended to disable this unless you
+	// are able to justify the costs.
+	// EXPERIMENTAL. Subject to change.
+	DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"`
+
+	// Overrides the URLs of OCSP responders embedded in certificates.
+	// Each key is a OCSP server URL to override, and its value is the
+	// replacement. An empty value will disable querying of that server.
+	// EXPERIMENTAL. Subject to change.
+	OCSPOverrides map[string]string `json:"ocsp_overrides,omitempty"`
+
 	// Issuers stores the decoded issuer parameters. This is only
 	// used to populate an underlying certmagic.Config's Issuers
 	// field; it is not referenced thereafter.
@@ -205,9 +218,13 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
 		RenewalWindowRatio: ap.RenewalWindowRatio,
 		KeySource: keySource,
 		OnDemand: ond,
-		Storage: storage,
-		Issuers: issuers,
-		Logger: tlsApp.logger,
+		OCSP: certmagic.OCSPConfig{
+			DisableStapling: ap.DisableOCSPStapling,
+			ResponderOverrides: ap.OCSPOverrides,
+		},
+		Storage: storage,
+		Issuers: issuers,
+		Logger: tlsApp.logger,
 	}
 	ap.magic = certmagic.New(tlsApp.certCache, template)
 
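Review bot: The doc comment on the new `OCSPOverrides` field leaves out the one detail an operator needs to get right: what a key is matched against. The override only takes effect when the key equals the responder URL embedded in the certificate (this looks like an exact-string lookup in certmagic, worth confirming), so a key with a trailing slash or different scheme silently does nothing and the certificate keeps querying the original responder. The comment also has a typo, `a OCSP server URL` should be `an OCSP server URL`. I'd reword the middle of the comment to something like `// Each key is an OCSP responder URL exactly as it appears in the certificate, and its value is the replacement URL. An empty value disables querying that responder, so certificates pointing at it will not be stapled.` The enclosing struct definition starts and ends outside the hunk.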
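Review bot: The override map is handed to certmagic unvalidated in the new `OCSP:` field of template, so a malformed replacement URL is only discovered when certmagic tries to fetch a staple during maintenance, long after config load has reported success. Provision already returns an error for bad policy input, so it could parse each non-empty value before building template; the function begins and ends outside the hunk, and the check below goes before the `template := certmagic.Config{` literal. A related check is whether a policy that sets disable_ocsp_stapling also asks for must-staple certificates, assuming AutomationPolicy still carries that option as certmagic.Config does; that combination yields certificates that clients will refuse, and rejecting or at least logging it at provision time is cheaper than debugging handshake failures later. Note also that the map is shared by reference between the policy and the certmagic.Config, so any later mutation of ap.OCSPOverrides would be visible to the running config; copying it here would remove that coupling.
```go
// … unchanged: earlier Provision setup (storage, issuers, ond, keySource) …
for responder, override := range ap.OCSPOverrides {
	if override == "" {
		continue // documented: an empty value disables querying that responder
	}
	if _, err := url.Parse(override); err != nil {
		return fmt.Errorf("invalid OCSP responder override for %q: %v", responder, err)
	}
}
// … unchanged: template := certmagic.Config{ … } and certmagic.New …
```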