(stapler stapler.Stapler, hostCfg engine.Host, keyPair *tls.Certificate, opts ...stapler.StapleHostOption)
| 498 | } |
| 499 | |
| 500 | func ocspStapleToCert(stapler stapler.Stapler, hostCfg engine.Host, keyPair *tls.Certificate, opts ...stapler.StapleHostOption) { |
| 501 | if !hostCfg.Settings.OCSP.Enabled { |
| 502 | return |
| 503 | } |
| 504 | |
| 505 | log.Infof("OCSP is enabled for %v, resolvers: %v", hostCfg, hostCfg.Settings.OCSP.Responders) |
| 506 | |
| 507 | r, err := stapler.StapleHost(&hostCfg, opts...) |
| 508 | |
| 509 | if err != nil { |
| 510 | log.Warningf("Failed to staple %v, error %v", hostCfg, err) |
| 511 | return |
| 512 | } |
| 513 | |
| 514 | if r.Response.Status != ocsp.Good && r.Response.Status != ocsp.Revoked { |
| 515 | log.Warningf("Got undefined status from OCSP responder: %v", r.Response.Status) |
| 516 | return |
| 517 | } |
| 518 | |
| 519 | keyPair.OCSPStaple = r.Staple |
| 520 | } |
| 521 | |
| 522 | // Returns a certificate based on a hosts KeyPair settings. |
| 523 | func certForHost(hostCfg engine.Host) (tls.Certificate, error) { |
no test coverage detected