From 91465d8e6f33af94655abe50be0e38aae9db667c Mon Sep 17 00:00:00 2001
From: xenolf
Date: Sat, 24 Oct 2015 04:36:54 +0200
Subject: [PATCH] Support for OCSP Stapling. Fixes #280

---
 config/letsencrypt/letsencrypt.go | 3 +++
 server/config.go | 1 +
 server/server.go | 1 +
 3 files changed, 5 insertions(+)

diff --git a/config/letsencrypt/letsencrypt.go b/config/letsencrypt/letsencrypt.go
index 876691ae..083daa34 100644
--- a/config/letsencrypt/letsencrypt.go
+++ b/config/letsencrypt/letsencrypt.go
@@ -232,6 +232,9 @@ func saveCertsAndKeys(certificates []acme.CertificateResource) error {
 // autoConfigure enables TLS on cfg and appends, if necessary, a new config
 // to allConfigs that redirects plaintext HTTP to its new HTTPS counterpart.
 func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config {
+ bundleBytes, _ := ioutil.ReadFile(storage.SiteCertFile(cfg.Host))
+ ocsp, _ := acme.GetOCSPForCert(bundleBytes)
+ cfg.TLS.OCSPStaple = ocsp
 cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host)
 cfg.TLS.Key = storage.SiteKeyFile(cfg.Host)
 cfg.TLS.Enabled = true
diff --git a/server/config.go b/server/config.go
index dedd7ba3..a3bb5f50 100644
--- a/server/config.go
+++ b/server/config.go
@@ -56,6 +56,7 @@ type TLSConfig struct {
 Certificate string
 Key string
 LetsEncryptEmail string
+ OCSPStaple []byte
 Ciphers []uint16
 ProtocolMinVersion uint16
 ProtocolMaxVersion uint16
diff --git a/server/server.go b/server/server.go
index 24aa92eb..a3c4f92d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -162,6 +162,7 @@ func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error {
 config.Certificates = make([]tls.Certificate, len(tlsConfigs))
 for i, tlsConfig := range tlsConfigs {
 config.Certificates[i], err = tls.LoadX509KeyPair(tlsConfig.Certificate, tlsConfig.Key)
+ config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple
 if err != nil {
 return err
 }
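Review bot: Both errors on the new `ioutil.ReadFile` and `acme.GetOCSPForCert` lines in autoConfigure are discarded, so an unreadable bundle or a failed OCSP fetch silently leaves `cfg.TLS.OCSPStaple` holding whatever the helper returns alongside its error (presumably nil) and the server starts without stapling and without any trace of why. autoConfigure has no error return, so at minimum log the failure with whatever logger this package already uses (`log.Printf` below is a stand-in) and assign the staple only on success. Separately, the response is fetched once at configuration time and stored as plain bytes; OCSP responses carry a validity window, so a long-running process will eventually present a stale staple unless something outside this hunk refreshes it, which deserves a TODO on the assignment if no refresh exists. autoConfigure's body continues past the end of the hunk.
```go
func autoConfigure(cfg *server.Config, allConfigs []server.Config) []server.Config {
	bundleBytes, err := ioutil.ReadFile(storage.SiteCertFile(cfg.Host))
	if err != nil {
		log.Printf("[WARNING] %s: cannot read certificate bundle, OCSP stapling disabled: %v", cfg.Host, err)
	} else if ocsp, err := acme.GetOCSPForCert(bundleBytes); err != nil {
		log.Printf("[WARNING] %s: OCSP request failed, stapling disabled: %v", cfg.Host, err)
	} else {
		// TODO: OCSP responses expire; this staple is never refreshed while the server runs.
		cfg.TLS.OCSPStaple = ocsp
	}
	// … unchanged: Certificate/Key/Enabled assignments …
```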
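Review bot: The new `OCSPStaple []byte` field in TLSConfig says nothing about what bytes it expects or what is done with them, and it is the one field here whose contents are not obvious from the name, which matters for anyone populating it from a path other than the Let's Encrypt one. Suggest `// OCSPStaple holds an OCSP response for Certificate, in the form tls.Certificate.OCSPStaple expects; it is served to clients verbatim and is not validated or refreshed by the server.` The TLSConfig struct starts and ends outside this hunk.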
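Review bot: The new `config.Certificates[i].OCSPStaple = tlsConfig.OCSPStaple` runs before the `if err != nil` check on the following line, so when LoadX509KeyPair fails it writes into a zero tls.Certificate that is abandoned a line later; harmless today, but the natural order is load the pair, check the error, then decorate it, so move the assignment below the check's closing `}`. Beyond ordering, crypto/tls sends OCSPStaple to clients verbatim: nothing here verifies that the bytes parse as an OCSP response, belong to the loaded leaf, or are still within their validity window, and a mismatched or expired staple is worse than none for clients that validate it, so a parse-and-check at load time would be worth adding if the project is willing to take an OCSP parser dependency. ListenAndServeTLSWithSNI's body continues outside the hunk.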