Add OCSP stapling support

2024-08-25 17:59:52 +02:00 · 2024-08-25 17:59:52 +02:00 · 9b03abc646
commit 9b03abc646
parent 95416f4604
3 changed files with 77 additions and 5 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -10,6 +10,7 @@
      "dependencies": {
        "formidable": "^2.1.2",
        "mime-types": "^2.1.35",
+        "ocsp": "^1.2.0",
        "tar": "^6.2.1"
      },
      "devDependencies": {
@ -2174,6 +2175,35 @@
      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
    },
+    "node_modules/asn1.js": {
+      "version": "4.10.1",
+      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz",
+      "integrity": "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==",
+      "dependencies": {
+        "bn.js": "^4.0.0",
+        "inherits": "^2.0.1",
+        "minimalistic-assert": "^1.0.0"
+      }
+    },
+    "node_modules/asn1.js-rfc2560": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/asn1.js-rfc2560/-/asn1.js-rfc2560-4.0.6.tgz",
+      "integrity": "sha512-ysf48ni+f/efNPilq4+ApbifUPcSW/xbDeQAh055I+grr2gXgNRQqHew7kkO70WSMQ2tEOURVwsK+dJqUNjIIg==",
+      "dependencies": {
+        "asn1.js-rfc5280": "^2.0.0"
+      },
+      "peerDependencies": {
+        "asn1.js": "^4.4.0"
+      }
+    },
+    "node_modules/asn1.js-rfc5280": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/asn1.js-rfc5280/-/asn1.js-rfc5280-2.0.1.tgz",
+      "integrity": "sha512-1e2ypnvTbYD/GdxWK77tdLBahvo1fZUHlQJqAVUuZWdYj0rdjGcf2CWYUtbsyRYpYUMwMWLZFUtLxog8ZXTrcg==",
+      "dependencies": {
+        "asn1.js": "^4.5.0"
+      }
+    },
    "node_modules/async": {
      "version": "3.2.6",
      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
@ -2341,6 +2371,11 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
+    "node_modules/bn.js": {
+      "version": "4.12.0",
+      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
+      "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA=="
+    },
    "node_modules/brace-expansion": {
      "version": "1.1.11",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@ -3838,8 +3873,7 @@
    "node_modules/inherits": {
      "version": "2.0.4",
      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
-      "dev": true
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
    },
    "node_modules/is-arrayish": {
      "version": "0.2.1",
@ -4927,6 +4961,11 @@
        "node": ">=6"
      }
    },
+    "node_modules/minimalistic-assert": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
+    },
    "node_modules/minimatch": {
      "version": "3.1.2",
      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
@ -5043,6 +5082,23 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/ocsp": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/ocsp/-/ocsp-1.2.0.tgz",
+      "integrity": "sha512-r4Q3oYKU+3b6iD4bn+5O2dQqctu8pFrJfWouUiKjiNXXjdr99lN/EaTVkFQevGlV/lKsomgtt/XRGB8xV8rq3Q==",
+      "dependencies": {
+        "asn1.js": "^4.8.0",
+        "asn1.js-rfc2560": "^4.0.0",
+        "asn1.js-rfc5280": "^2.0.0",
+        "async": "^1.5.2",
+        "simple-lru-cache": "0.0.2"
+      }
+    },
+    "node_modules/ocsp/node_modules/async": {
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+      "integrity": "sha512-nSVgobk4rv61R9PUSDtYt7mPVB2olxNR5RWJcAsH676/ef11bUZwvu7+RGYrYauVdDPcO519v68wRhXQtxsV9w=="
+    },
    "node_modules/once": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@ -5719,6 +5775,11 @@
      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
      "dev": true
    },
+    "node_modules/simple-lru-cache": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/simple-lru-cache/-/simple-lru-cache-0.0.2.tgz",
+      "integrity": "sha512-uEv/AFO0ADI7d99OHDmh1QfYzQk/izT1vCmu/riQfh7qjBVUUgRT87E5s5h7CxWCA/+YoZerykpEthzVrW3LIw=="
+    },
    "node_modules/sisteransi": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",
--- a/package.json
+++ b/package.json
@ -27,6 +27,7 @@
  "dependencies": {
    "formidable": "^2.1.2",
    "mime-types": "^2.1.35",
+    "ocsp": "^1.2.0",
    "tar": "^6.2.1"
  }
 }
--- a/src/index.js
+++ b/src/index.js
@ -73,6 +73,17 @@ try {
  };
 }

+let ocsp = {};
+let ocspCache = {};
+try {
+  ocsp = require("ocsp");
+  ocspCache = new ocsp.Cache();
+} catch (err) {
+  ocsp = {
+    _errored: err
+  };
+}
+
 process.dirname = __dirname;
 process.filename = __filename;

@ -815,8 +826,7 @@ if (process.serverConfig.secure) {
    delete sock._parent.reallyDestroy;
  });

-  // TODO: OCSP stapling
-  /*if (process.serverConfig.enableOCSPStapling && !ocsp._errored) {
+  if (process.serverConfig.enableOCSPStapling && !ocsp._errored) {
    server.on("OCSPRequest", function (cert, issuer, callback) {
      ocsp.getOCSPURI(cert, function (err, uri) {
        if (err) return callback(err);
@ -830,7 +840,7 @@ if (process.serverConfig.secure) {
        ocspCache.request(req.id, options, callback);
      });
    });
-  }*/
+  }
 }

 // TODO: close, open, stop, restart commands