OCSP支持过期时间

刘祥超
2022-03-18 20:20:47 +08:00
parent b5b7ab99d3
commit 0e732e4821
2 changed files with 10 additions and 12 deletions


@@ -35,15 +35,17 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
return &tls.Config{ return &tls.Config{
Certificates: nil, Certificates: nil,
GetConfigForClient: func(clientInfo *tls.ClientHelloInfo) (config *tls.Config, e error) { GetConfigForClient: func(clientInfo *tls.ClientHelloInfo) (config *tls.Config, e error) {
ssl, _, err := this.matchSSL(clientInfo.ServerName) tlsPolicy, _, err := this.matchSSL(clientInfo.ServerName)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return ssl.TLSConfig(), nil tlsPolicy.CheckOCSP()
return tlsPolicy.TLSConfig(), nil
}, },
GetCertificate: func(clientInfo *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) { GetCertificate: func(clientInfo *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
_, cert, err := this.matchSSL(clientInfo.ServerName) tlsPolicy, cert, err := this.matchSSL(clientInfo.ServerName)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -51,6 +53,8 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
return nil, errors.New("no ssl certs found for '" + clientInfo.ServerName + "'") return nil, errors.New("no ssl certs found for '" + clientInfo.ServerName + "'")
} }
tlsPolicy.CheckOCSP()
return cert, nil return cert, nil
}, },
} }
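Review bot: Both callbacks now call `tlsPolicy.CheckOCSP()` on the handshake path, where they run concurrently across connections, and nothing in this section shows how CheckOCSP guards the state it touches. Its body is not visible here, but if it clears or replaces an expired stapled response on the policy's certificates, that write needs a lock or an atomic swap. In GetCertificate the `cert` returned by matchSSL is obtained before the check runs, so it should be confirmed that the value handed back cannot still carry the expired response. A comment at the call sites would pin the contract, e.g. `// CheckOCSP drops an expired stapled response; must be goroutine-safe and cheap, it runs on every handshake`. buildTLSConfig starts outside the first hunk.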


@@ -70,7 +70,9 @@ func (this *OCSPUpdateTask) Loop() error {
for _, ocsp := range resp.SslCertOCSP { for _, ocsp := range resp.SslCertOCSP {
// 更新OCSP // 更新OCSP
sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Ocsp) if sharedNodeConfig != nil {
sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Data, ocsp.ExpiresAt)
}
// 修改版本 // 修改版本
this.version = ocsp.Version this.version = ocsp.Version
@@ -82,11 +84,3 @@ func (this *OCSPUpdateTask) Loop() error {
func (this *OCSPUpdateTask) Stop() { func (this *OCSPUpdateTask) Stop() {
this.ticker.Stop() this.ticker.Stop()
} }
func (this *OCSPUpdateTask) updateOCSP(certId int64, ocsp []byte) {
var config = sharedNodeConfig
if config == nil {
return
}
}
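Review bot: In Loop, `this.version = ocsp.Version` still runs when `sharedNodeConfig` is nil, so the staple update is skipped while the version moves past it. If that version is what the next request uses to ask for newer records (the request is outside the hunk), the skipped response is never applied. Stopping before the version bump avoids that, and reading the global once keeps the nil check and the call on the same value if the config can be swapped during a reload: `config := sharedNodeConfig`, `if config == nil { return nil }`, `config.UpdateCertOCSP(ocsp.SslCertId, ocsp.Data, ocsp.ExpiresAt)`. The loop body continues outside the hunk.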