From 26d633baf83994e79d2961fa9f5b37ef5b0ab800 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 19 Feb 2022 16:20:38 -0500 Subject: httpcaddyfile: Disabling OCSP stapling for both managed and unmanaged (#4589) --- caddyconfig/httpcaddyfile/tlsapp.go | 5 +++++ caddytest/integration/caddyfile_adapt/global_options.txt | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 48506d8..daaec95 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -301,6 +301,11 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.RenewCheckInterval = renewCheckInterval } + // set whether OCSP stapling should be disabled for manually-managed certificates + if ocspConfig, ok := options["ocsp_stapling"].(certmagic.OCSPConfig); ok { + tlsApp.DisableOCSPStapling = ocspConfig.DisableStapling + } + // if any hostnames appear on the same server block as a key with // no host, they will not be used with route matchers because the // hostless key matches all hosts, therefore, it wouldn't be diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index dda644b..69e2d9d 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -10,6 +10,7 @@ } acme_ca https://example.com acme_ca_root /path/to/ca.crt + ocsp_stapling off email test@example.com admin off @@ -61,7 +62,8 @@ "module": "internal" } ], - "key_type": "ed25519" + "key_type": "ed25519", + "disable_ocsp_stapling": true } ], "on_demand": { @@ -71,7 +73,8 @@ }, "ask": "https://example.com" } - } + }, + "disable_ocsp_stapling": true } } } -- cgit v1.2.3