增加OCSP Stapling功能

pkg/serverconfigs/sslconfigs/ssl_cert_config.go

@@ -29,6 +29,9 @@ type SSLCertConfig struct {
 	DNSNames    []string `yaml:"dnsNames" json:"dnsNames"`
 	CommonNames []string `yaml:"commonNames" json:"commonNames"`
 
+	// OCSP
+	OCSP []byte `yaml:"ocsp" json:"ocsp"`
+
 	cert      *tls.Certificate
 	timeBegin time.Time
 	timeEnd   time.Time

pkg/serverconfigs/sslconfigs/ssl_policy.go

@@ -31,6 +31,8 @@ type SSLPolicy struct {
 	HSTS         *HSTSConfig `yaml:"hsts" json:"hsts"`                 // HSTS配置
 	HTTP2Enabled bool        `yaml:"http2Enabled" json:"http2Enabled"` // 是否启用HTTP2
 
+	OCSPIsOn bool `yaml:"ocspIsOn" json:"ocspIsOn"` // 是否启用OCSP
+
 	nameMapping map[string]*tls.Certificate // dnsName => cert
 
 	minVersion   uint16
@@ -52,6 +54,9 @@ func (this *SSLPolicy) Init() error {
 		if err != nil {
 			return err
 		}
+		if this.OCSPIsOn && len(cert.OCSP) > 0 {
+			cert.CertObject().OCSPStaple = cert.OCSP
+		}
 		certs = append(certs, *cert.CertObject())
 		for _, dnsName := range cert.DNSNames {
 			this.nameMapping[dnsName] = cert.CertObject()