增加OCSP Stapling功能

GoEdgeLab
2022-03-10 11:54:35 +08:00
parent 0cfc8c341a
commit a38369733e
7 changed files with 310 additions and 49 deletions


@@ -167,6 +167,9 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheM
config.HSTS = hstsConfig
}
// ocsp
config.OCSPIsOn = policy.OcspIsOn == 1
if cacheMap != nil {
cacheMap.Put(cacheKey, config)
}
@@ -196,7 +199,7 @@ func (this *SSLPolicyDAO) FindAllEnabledPolicyIdsWithCertId(tx *dbs.Tx, certId i
}
// CreatePolicy 创建Policy
func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, ocspIsOn bool, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
op := NewSSLPolicyOperator()
op.State = SSLPolicyStateEnabled
op.IsOn = true
@@ -213,6 +216,8 @@ func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64,
op.Hsts = hstsJSON
}
op.OcspIsOn = ocspIsOn
op.ClientAuthType = clientAuthType
if len(clientCACertsJSON) > 0 {
op.ClientCACerts = clientCACertsJSON
@@ -234,7 +239,7 @@ func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64,
}
// UpdatePolicy 修改Policy
func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) error {
func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, ocspIsOn bool, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) error {
if policyId <= 0 {
return errors.New("invalid policyId")
}
@@ -251,6 +256,8 @@ func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled
op.Hsts = hstsJSON
}
op.OcspIsOn = ocspIsOn
op.ClientAuthType = clientAuthType
if len(clientCACertsJSON) > 0 {
op.ClientCACerts = clientCACertsJSON
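Review bot: In UpdatePolicy, `op.OcspIsOn = ocspIsOn` is written unconditionally, whereas the neighbouring `clientCACertsJSON` field (and, it appears, `hstsJSON`) is only written when non-empty. A caller that has not been updated to carry the new flag would pass the zero value, so an unrelated policy edit could silently switch OCSP stapling off; whether such callers exist is not visible in this section. It is worth confirming that every call site passes the stored setting, and stating the contract on the function, e.g. `// ocspIsOn replaces the stored value on every call; pass the current setting to leave OCSP stapling unchanged.` The bare `// ocsp` comment in ComposePolicyConfig could likewise say what the flag controls. The bodies of CreatePolicy and UpdatePolicy start and end outside these hunks.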