Add OCSP stapling support

package-lock.json

@@ -10,6 +10,7 @@
       "dependencies": {
         "formidable": "^2.1.2",
         "mime-types": "^2.1.35",
+        "ocsp": "^1.2.0",
         "tar": "^6.2.1"
       },
       "devDependencies": {
@@ -2174,6 +2175,35 @@
       "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
       "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
     },
+    "node_modules/asn1.js": {
+      "version": "4.10.1",
+      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz",
+      "integrity": "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==",
+      "dependencies": {
+        "bn.js": "^4.0.0",
+        "inherits": "^2.0.1",
+        "minimalistic-assert": "^1.0.0"
+      }
+    },
+    "node_modules/asn1.js-rfc2560": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/asn1.js-rfc2560/-/asn1.js-rfc2560-4.0.6.tgz",
+      "integrity": "sha512-ysf48ni+f/efNPilq4+ApbifUPcSW/xbDeQAh055I+grr2gXgNRQqHew7kkO70WSMQ2tEOURVwsK+dJqUNjIIg==",
+      "dependencies": {
+        "asn1.js-rfc5280": "^2.0.0"
+      },
+      "peerDependencies": {
+        "asn1.js": "^4.4.0"
+      }
+    },
+    "node_modules/asn1.js-rfc5280": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/asn1.js-rfc5280/-/asn1.js-rfc5280-2.0.1.tgz",
+      "integrity": "sha512-1e2ypnvTbYD/GdxWK77tdLBahvo1fZUHlQJqAVUuZWdYj0rdjGcf2CWYUtbsyRYpYUMwMWLZFUtLxog8ZXTrcg==",
+      "dependencies": {
+        "asn1.js": "^4.5.0"
+      }
+    },
     "node_modules/async": {
       "version": "3.2.6",
       "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
@@ -2341,6 +2371,11 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/bn.js": {
+      "version": "4.12.0",
+      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
+      "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA=="
+    },
     "node_modules/brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -3838,8 +3873,7 @@
     "node_modules/inherits": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
-      "dev": true
     },
     "node_modules/is-arrayish": {
       "version": "0.2.1",
@@ -4927,6 +4961,11 @@
         "node": ">=6"
       }
     },
+    "node_modules/minimalistic-assert": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
+    },
     "node_modules/minimatch": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
@@ -5043,6 +5082,23 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/ocsp": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/ocsp/-/ocsp-1.2.0.tgz",
+      "integrity": "sha512-r4Q3oYKU+3b6iD4bn+5O2dQqctu8pFrJfWouUiKjiNXXjdr99lN/EaTVkFQevGlV/lKsomgtt/XRGB8xV8rq3Q==",
+      "dependencies": {
+        "asn1.js": "^4.8.0",
+        "asn1.js-rfc2560": "^4.0.0",
+        "asn1.js-rfc5280": "^2.0.0",
+        "async": "^1.5.2",
+        "simple-lru-cache": "0.0.2"
+      }
+    },
+    "node_modules/ocsp/node_modules/async": {
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+      "integrity": "sha512-nSVgobk4rv61R9PUSDtYt7mPVB2olxNR5RWJcAsH676/ef11bUZwvu7+RGYrYauVdDPcO519v68wRhXQtxsV9w=="
+    },
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -5719,6 +5775,11 @@
       "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
       "dev": true
     },
+    "node_modules/simple-lru-cache": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/simple-lru-cache/-/simple-lru-cache-0.0.2.tgz",
+      "integrity": "sha512-uEv/AFO0ADI7d99OHDmh1QfYzQk/izT1vCmu/riQfh7qjBVUUgRT87E5s5h7CxWCA/+YoZerykpEthzVrW3LIw=="
+    },
     "node_modules/sisteransi": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",

package.json

@@ -27,6 +27,7 @@
   "dependencies": {
     "formidable": "^2.1.2",
     "mime-types": "^2.1.35",
+    "ocsp": "^1.2.0",
     "tar": "^6.2.1"
   }
 }

src/index.js

@@ -73,6 +73,17 @@ try {
   };
 }
 
+let ocsp = {};
+let ocspCache = {};
+try {
+  ocsp = require("ocsp");
+  ocspCache = new ocsp.Cache();
+} catch (err) {
+  ocsp = {
+    _errored: err
+  };
+}
+
 process.dirname = __dirname;
 process.filename = __filename;
 
@@ -815,8 +826,7 @@ if (process.serverConfig.secure) {
     delete sock._parent.reallyDestroy;
   });
 
-  // TODO: OCSP stapling
+  if (process.serverConfig.enableOCSPStapling && !ocsp._errored) {
-  /*if (process.serverConfig.enableOCSPStapling && !ocsp._errored) {
     server.on("OCSPRequest", function (cert, issuer, callback) {
       ocsp.getOCSPURI(cert, function (err, uri) {
         if (err) return callback(err);
@@ -830,7 +840,7 @@ if (process.serverConfig.secure) {
         ocspCache.request(req.id, options, callback);
       });
     });
-  }*/
+  }
 }
 
 // TODO: close, open, stop, restart commands