From 9b03abc64624c60d49c99d4eeba6c392473938d8 Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Sun, 25 Aug 2024 17:59:52 +0200 Subject: [PATCH] Add OCSP stapling support --- package-lock.json | 65 +++++++++++++++++++++++++++++++++++++++++++++-- package.json | 1 + src/index.js | 16 +++++++++--- 3 files changed, 77 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index e3b03c3..02ac283 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,6 +10,7 @@ "dependencies": { "formidable": "^2.1.2", "mime-types": "^2.1.35", + "ocsp": "^1.2.0", "tar": "^6.2.1" }, "devDependencies": { @@ -2174,6 +2175,35 @@ "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==" }, + "node_modules/asn1.js": { + "version": "4.10.1", + "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz", + "integrity": "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==", + "dependencies": { + "bn.js": "^4.0.0", + "inherits": "^2.0.1", + "minimalistic-assert": "^1.0.0" + } + }, + "node_modules/asn1.js-rfc2560": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/asn1.js-rfc2560/-/asn1.js-rfc2560-4.0.6.tgz", + "integrity": "sha512-ysf48ni+f/efNPilq4+ApbifUPcSW/xbDeQAh055I+grr2gXgNRQqHew7kkO70WSMQ2tEOURVwsK+dJqUNjIIg==", + "dependencies": { + "asn1.js-rfc5280": "^2.0.0" + }, + "peerDependencies": { + "asn1.js": "^4.4.0" + } + }, + "node_modules/asn1.js-rfc5280": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/asn1.js-rfc5280/-/asn1.js-rfc5280-2.0.1.tgz", + "integrity": "sha512-1e2ypnvTbYD/GdxWK77tdLBahvo1fZUHlQJqAVUuZWdYj0rdjGcf2CWYUtbsyRYpYUMwMWLZFUtLxog8ZXTrcg==", + "dependencies": { + "asn1.js": "^4.5.0" + } + }, "node_modules/async": { "version": "3.2.6", "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", 
@@ -2341,6 +2371,11 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/bn.js": { + "version": "4.12.0", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" + }, "node_modules/brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", @@ -3838,8 +3873,7 @@ "node_modules/inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" }, "node_modules/is-arrayish": { "version": "0.2.1", @@ -4927,6 +4961,11 @@ "node": ">=6" } }, + "node_modules/minimalistic-assert": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" + }, "node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", 
@@ -5043,6 +5082,23 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/ocsp": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/ocsp/-/ocsp-1.2.0.tgz", + "integrity": "sha512-r4Q3oYKU+3b6iD4bn+5O2dQqctu8pFrJfWouUiKjiNXXjdr99lN/EaTVkFQevGlV/lKsomgtt/XRGB8xV8rq3Q==", + "dependencies": { + "asn1.js": "^4.8.0", + "asn1.js-rfc2560": "^4.0.0", + "asn1.js-rfc5280": "^2.0.0", + "async": "^1.5.2", + "simple-lru-cache": "0.0.2" + } + }, + "node_modules/ocsp/node_modules/async": { + "version": "1.5.2", + "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz", + "integrity": "sha512-nSVgobk4rv61R9PUSDtYt7mPVB2olxNR5RWJcAsH676/ef11bUZwvu7+RGYrYauVdDPcO519v68wRhXQtxsV9w==" + }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", @@ -5719,6 +5775,11 @@ "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", "dev": true }, + "node_modules/simple-lru-cache": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/simple-lru-cache/-/simple-lru-cache-0.0.2.tgz", + "integrity": "sha512-uEv/AFO0ADI7d99OHDmh1QfYzQk/izT1vCmu/riQfh7qjBVUUgRT87E5s5h7CxWCA/+YoZerykpEthzVrW3LIw==" + }, "node_modules/sisteransi": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", diff --git a/package.json b/package.json index c6c7d7d..5bca000 100644 --- a/package.json +++ b/package.json @@ -27,6 +27,7 @@ "dependencies": { "formidable": "^2.1.2", "mime-types": "^2.1.35", + "ocsp": "^1.2.0", "tar": "^6.2.1" } } diff --git a/src/index.js b/src/index.js index 0e58dd9..89b5a94 100644 --- a/src/index.js +++ b/src/index.js @@ -73,6 +73,17 @@ try { }; } +let ocsp = {}; +let ocspCache = {}; +try { + ocsp = require("ocsp"); + ocspCache = new ocsp.Cache(); +} catch (err) { + ocsp = { + _errored: err + }; +} + process.dirname = __dirname; process.filename = __filename; 
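Review bot: `ocsp` is added under `dependencies` in package.json, but src/index.js loads it inside a `try`/`catch` and treats a failed `require` as non-fatal, so the manifest and the code disagree about whether the module is optional. If it is meant to be optional, `optionalDependencies` would say so. The lockfile hunks show it also brings `asn1.js` 4.10.1, `bn.js` 4.12.0, a nested `async` 1.5.2 and `simple-lru-cache` 0.0.2 into the runtime tree. That code presumably handles OCSP responder data on the TLS handshake path, so it is worth running `npm audit` and checking how well the tree is maintained before release.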
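Review bot: The `catch` in the block added at @@ -73 only stores the error in `ocsp._errored`, and nothing in the visible hunks reports it. A server configured with `enableOCSPStapling` would then run without stapling and give the operator no sign of it. A warning on the branch that checks the flag would make the fallback visible, for example `else if (process.serverConfig.enableOCSPStapling) console.warn("OCSP stapling disabled: " + ocsp._errored.message);`, or the project's own logger, which is not visible here. A comment above `let ocsp = {};` such as `// Optional module: on load failure ocsp._errored holds the error and stapling is skipped` would document the sentinel.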
@@ -815,8 +826,7 @@ if (process.serverConfig.secure) {
 delete sock._parent.reallyDestroy;
 });
- // TODO: OCSP stapling
- /*if (process.serverConfig.enableOCSPStapling && !ocsp._errored) {
+ if (process.serverConfig.enableOCSPStapling && !ocsp._errored) {
 server.on("OCSPRequest", function (cert, issuer, callback) {
 ocsp.getOCSPURI(cert, function (err, uri) {
 if (err) return callback(err);
@@ -830,7 +840,7 @@ if (process.serverConfig.secure) {
 ocspCache.request(req.id, options, callback);
 });
 });
- }*/
+ }
 }
 // TODO: close, open, stop, restart commands
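Review bot: Both error paths in the new `OCSPRequest` handler pass the error to the TLS callback: `if (err) return callback(err);` in this hunk and `ocspCache.request(req.id, options, callback);` in the @@ -830 hunk. Node destroys the socket when that callback receives an error, so an unreachable responder would abort handshakes from clients that request certificate status. The same would happen for a certificate without an OCSP URI, if `getOCSPURI` reports that as an error. Stapling is normally best-effort, so I would answer without a staple instead: `if (err) return callback(null, null);` and `ocspCache.request(req.id, options, function (err, resp) { callback(null, err ? null : resp); });`, logging the error through the project's logger. Node also documents that `issuer` may be null for self-signed certificates; the lines between the two hunks are not visible here, so please confirm that case is handled before the request is generated.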