mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-22 16:46:53 +01:00
caddytls: Disable OCSP stapling for manual certs (#4064)
parent
42b7134ffa
commit
2250920e1d
1 changed files with 13 additions and 0 deletions
|
@ -56,6 +56,16 @@ type TLS struct {
|
|||
// Configures the in-memory certificate cache.
|
||||
Cache *CertCacheOptions `json:"cache,omitempty"`
|
||||
|
||||
// Disables OCSP stapling for manually-managed certificates only.
|
||||
// To configure OCSP stapling for automated certificates, use an
|
||||
// automation policy instead.
|
||||
//
|
||||
// Disabling OCSP stapling puts clients at greater risk, reduces their
|
||||
// privacy, and usually lowers client performance. It is NOT recommended
|
||||
// to disable this unless you are able to justify the costs.
|
||||
// EXPERIMENTAL. Subject to change.
|
||||
DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"`
|
||||
|
||||
certificateLoaders []CertificateLoader
|
||||
automateNames []string
|
||||
certCache *certmagic.Cache
|
||||
|
@ -173,6 +183,9 @@ func (t *TLS) Provision(ctx caddy.Context) error {
|
|||
magic := certmagic.New(t.certCache, certmagic.Config{
|
||||
Storage: ctx.Storage(),
|
||||
Logger: t.logger,
|
||||
OCSP: certmagic.OCSPConfig{
|
||||
DisableStapling: t.DisableOCSPStapling,
|
||||
},
|
||||
})
|
||||
for _, loader := range t.certificateLoaders {
|
||||
certs, err := loader.LoadCertificates()
|
||||
|
|
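Review bot: Nothing in the second hunk makes a disabled-stapling configuration visible at runtime: `DisableStapling: t.DisableOCSPStapling` is handed to certmagic silently, although the new field comment itself says the setting puts clients at greater risk. I would log it once in Provision when the flag is set, e.g. `if t.DisableOCSPStapling { t.logger.Warn("OCSP stapling disabled for manually loaded certificates") }`, so the weakened revocation posture shows up in logs and config audits. The field comment could also say what happens to a loaded certificate that carries the Must-Staple extension, since clients that enforce it would presumably reject a handshake that arrives without a staple. Provision's body continues outside the hunk, so whether this config reaches only the loader-supplied certificates, as the comment promises, cannot be confirmed from the lines shown.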