OCSP支持过期时间

2025-11-09 20:10:27 +08:00 · 2022-03-18 20:20:47 +08:00
parent b5b7ab99d3
commit 0e732e4821
2 changed files with 10 additions and 12 deletions
--- a/internal/nodes/listener_base.go
+++ b/internal/nodes/listener_base.go
@@ -35,15 +35,17 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 	return &tls.Config{
 		Certificates: nil,
 		GetConfigForClient: func(clientInfo *tls.ClientHelloInfo) (config *tls.Config, e error) {
-			ssl, _, err := this.matchSSL(clientInfo.ServerName)
+			tlsPolicy, _, err := this.matchSSL(clientInfo.ServerName)
 			if err != nil {
 				return nil, err
 			}

-			return ssl.TLSConfig(), nil
+			tlsPolicy.CheckOCSP()
+
+			return tlsPolicy.TLSConfig(), nil
 		},
 		GetCertificate: func(clientInfo *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
-			_, cert, err := this.matchSSL(clientInfo.ServerName)
+			tlsPolicy, cert, err := this.matchSSL(clientInfo.ServerName)
 			if err != nil {
 				return nil, err
 			}
@@ -51,6 +53,8 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 				return nil, errors.New("no ssl certs found for '" + clientInfo.ServerName + "'")
 			}

+			tlsPolicy.CheckOCSP()
+
 			return cert, nil
 		},
 	}
--- a/internal/nodes/task_ocsp_update.go
+++ b/internal/nodes/task_ocsp_update.go
@@ -70,7 +70,9 @@ func (this *OCSPUpdateTask) Loop() error {

 	for _, ocsp := range resp.SslCertOCSP {
 		// 更新OCSP
-		sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Ocsp)
+		if sharedNodeConfig != nil {
+			sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Data, ocsp.ExpiresAt)
+		}

 		// 修改版本
 		this.version = ocsp.Version
@@ -82,11 +84,3 @@ func (this *OCSPUpdateTask) Loop() error {
 func (this *OCSPUpdateTask) Stop() {
 	this.ticker.Stop()
 }
-
-func (this *OCSPUpdateTask) updateOCSP(certId int64, ocsp []byte) {
-	var config = sharedNodeConfig
-	if config == nil {
-		return
-	}
-
-}