diff --git a/internal/nodes/listener_base.go b/internal/nodes/listener_base.go
index 9d2cc51..cf9718d 100644
--- a/internal/nodes/listener_base.go
+++ b/internal/nodes/listener_base.go
@@ -35,15 +35,17 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 return &tls.Config{
 Certificates: nil,
 GetConfigForClient: func(clientInfo *tls.ClientHelloInfo) (config *tls.Config, e error) {
- ssl, _, err := this.matchSSL(clientInfo.ServerName)
+ tlsPolicy, _, err := this.matchSSL(clientInfo.ServerName)
 if err != nil {
 return nil, err
 }
- return ssl.TLSConfig(), nil
+ tlsPolicy.CheckOCSP()
+
+ return tlsPolicy.TLSConfig(), nil
 },
 GetCertificate: func(clientInfo *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
- _, cert, err := this.matchSSL(clientInfo.ServerName)
+ tlsPolicy, cert, err := this.matchSSL(clientInfo.ServerName)
 if err != nil {
 return nil, err
 }
@@ -51,6 +53,8 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 return nil, errors.New("no ssl certs found for '" + clientInfo.ServerName + "'")
 }
+ tlsPolicy.CheckOCSP()
+
+ return cert, nil
 },
 }
diff --git a/internal/nodes/task_ocsp_update.go b/internal/nodes/task_ocsp_update.go
index 6545819..1578b36 100644
--- a/internal/nodes/task_ocsp_update.go
+++ b/internal/nodes/task_ocsp_update.go
@@ -70,7 +70,9 @@ func (this *OCSPUpdateTask) Loop() error {
 for _, ocsp := range resp.SslCertOCSP {
 // 更新OCSP
- sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Ocsp)
+ if sharedNodeConfig != nil {
+ sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Data, ocsp.ExpiresAt)
+ }
 // 修改版本
 this.version = ocsp.Version
@@ -82,11 +84,3 @@ func (this *OCSPUpdateTask) Loop() error {
 func (this *OCSPUpdateTask) Stop() {
 this.ticker.Stop()
 }
-
-func (this *OCSPUpdateTask) updateOCSP(certId int64, ocsp []byte) {
- var config = sharedNodeConfig
- if config == nil {
- return
- }
-
-}
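Review bot: The `tlsPolicy.CheckOCSP()` call in `GetConfigForClient` needs a documented cost and concurrency contract, because it sits on the handshake path and runs for every ClientHello on whichever goroutine serves that connection; the same call in `GetCertificate` in the next hunk has the same exposure. CheckOCSP is not shown here, but if it drops or rewrites an expired staple on the policy it presumably touches the same state that `UpdateCertOCSP` writes from the OCSP task, so both need to share a lock, and it should do no network I/O since any remote client can trigger it repeatedly. I would state that above the call, e.g. `// CheckOCSP runs once per handshake: must be cheap, non-blocking and safe for concurrent use`. buildTLSConfig starts before this hunk and ends after it.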
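Review bot: `tlsPolicy` is dereferenced by `tlsPolicy.CheckOCSP()` in `GetCertificate` without a nil check, although this callback discarded the policy before this commit and the visible guard only covers the missing-certificate case. matchSSL is not visible; if it can return a nil policy together with a nil error, the call may panic inside the handshake, depending on how CheckOCSP treats a nil receiver. A guard such as `if tlsPolicy != nil { tlsPolicy.CheckOCSP() }` keeps the certificate lookup behaving as before in that case. The condition that opens the block returning "no ssl certs found" lies outside the hunk.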
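Review bot: When `sharedNodeConfig` is nil the update is skipped, but `this.version = ocsp.Version` just below still runs, so the task records that OCSP response as applied even though no certificate received it. If the version serves as the fetch cursor (the request is outside the hunk), that staple would not be delivered again once the config exists, leaving the certificate without a fresh staple until its next update. The global is also read twice, once for the check and once for the call. Reading it once and stopping before the version advances covers both: `config := sharedNodeConfig` then `if config == nil { break }` ahead of `config.UpdateCertOCSP(ocsp.SslCertId, ocsp.Data, ocsp.ExpiresAt)`. Loop's body starts and ends outside the hunk.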