author | Christopher Speller <crspeller@gmail.com> | 2016-11-16 19:28:52 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-16 19:28:52 -0500 |
commit | 0135904f7d3e1c0e763adaefe267c736616e3d26 (patch) | |
tree | c27be7588f98eaea62e0bd0c0087f2b348da9738 /vendor/github.com/xenolf/lego/acme/crypto.go | |
parent | 0b296dd8c2aefefe89787be5cc627d44cf431150 (diff) | |
Upgrading server dependancies (#4566)
Diffstat (limited to 'vendor/github.com/xenolf/lego/acme/crypto.go')
-rw-r--r-- | vendor/github.com/xenolf/lego/acme/crypto.go | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/vendor/github.com/xenolf/lego/acme/crypto.go b/vendor/github.com/xenolf/lego/acme/crypto.go
index af97f5d1e..c63b23b99 100644
--- a/vendor/github.com/xenolf/lego/acme/crypto.go
+++ b/vendor/github.com/xenolf/lego/acme/crypto.go
@@ -20,6 +20,8 @@ import (
 "strings"
 "time"
+ "encoding/asn1"
+
 "golang.org/x/crypto/ocsp"
 )
@@ -47,6 +49,12 @@ const (
 OCSPServerFailed = ocsp.ServerFailed
 )
+// Constants for OCSP must staple
+var (
+ tlsFeatureExtensionOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}
+ ocspMustStapleFeature = []byte{0x30, 0x03, 0x02, 0x01, 0x05}
+)
+
 // GetOCSPForCert takes a PEM encoded cert or cert bundle returning the raw OCSP response,
 // the parsed response, and an error, if any. The returned []byte can be passed directly
 // into the OCSPStaple property of a tls.Certificate. If the bundle only contains the
@@ -206,7 +214,7 @@ func generatePrivateKey(keyType KeyType) (crypto.PrivateKey, error) {
 return nil, fmt.Errorf("Invalid KeyType: %s", keyType)
 }
-func generateCsr(privateKey crypto.PrivateKey, domain string, san []string) ([]byte, error) {
+func generateCsr(privateKey crypto.PrivateKey, domain string, san []string, mustStaple bool) ([]byte, error) {
 template := x509.CertificateRequest{
 Subject: pkix.Name{
 CommonName: domain,
@@ -217,6 +225,13 @@ func generateCsr(privateKey crypto.PrivateKey, domain string, san []string) ([]b
 template.DNSNames = san
 }
+ if mustStaple {
+ template.Extensions = append(template.Extensions, pkix.Extension{
+ Id: tlsFeatureExtensionOID,
+ Value: ocspMustStapleFeature,
+ })
+ }
+
 return x509.CreateCertificateRequest(rand.Reader, &template, privateKey)
 }
|
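Review bot: In the last hunk the must-staple extension is appended to `template.Extensions`, but `x509.CreateCertificateRequest` marshals only `ExtraExtensions` from the template; `Extensions` is filled in when a CSR is parsed and is ignored on creation. As written, a call with `mustStaple` set to true returns a CSR without the TLS Feature extension and no error, so the caller has no signal that OCSP Must-Staple was never requested. The append should read `template.ExtraExtensions = append(template.ExtraExtensions, pkix.Extension{`. Because this file is vendored, the fix belongs in the upstream library and should arrive through a vendor update rather than a local edit; a test that parses the generated CSR and checks for OID 1.3.6.1.5.5.7.1.24 would catch it. The body of generateCsr is split across the last two hunks and is not fully visible here.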