1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00

httpcaddyfile: Disabling OCSP stapling for both managed and unmanaged (#4589)

This commit is contained in:
Francis Lavoie 2022-02-19 16:20:38 -05:00 committed by GitHub
parent ff137d17d0
commit 26d633baf8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions

View file

@ -301,6 +301,11 @@ func (st ServerType) buildTLSApp(
tlsApp.Automation.RenewCheckInterval = renewCheckInterval
}
// set whether OCSP stapling should be disabled for manually-managed certificates
if ocspConfig, ok := options["ocsp_stapling"].(certmagic.OCSPConfig); ok {
tlsApp.DisableOCSPStapling = ocspConfig.DisableStapling
}
// if any hostnames appear on the same server block as a key with
// no host, they will not be used with route matchers because the
// hostless key matches all hosts, therefore, it wouldn't be

View file

@ -10,6 +10,7 @@
}
acme_ca https://example.com
acme_ca_root /path/to/ca.crt
ocsp_stapling off
email test@example.com
admin off
@ -61,7 +62,8 @@
"module": "internal"
}
],
"key_type": "ed25519"
"key_type": "ed25519",
"disable_ocsp_stapling": true
}
],
"on_demand": {
@ -71,7 +73,8 @@
},
"ask": "https://example.com"
}
}
},
"disable_ocsp_stapling": true
}
}
}