fix ocsp stapling always disabled

2022-04-17 20:29:23 +02:00 · 2022-04-17 20:29:23 +02:00 · 5b6bd07de8
parent 05e36e3136
commit 5b6bd07de8
7 changed files with 4 additions and 19 deletions
--- a/pkg/provider/acme/challenge_tls.go
+++ b/pkg/provider/acme/challenge_tls.go
@ -153,6 +153,9 @@ func createMessage(certs map[string]*Certificate) dynamic.Message {
 			Certificate: traefiktls.Certificate{
 				CertFile: traefiktls.FileOrContent(cert.Certificate),
 				KeyFile:  traefiktls.FileOrContent(cert.Key),
+				OCSP: traefiktls.OCSPConfig{
+					DisableStapling: true,
+				},
 			},
 			Stores: []string{tlsalpn01.ACMETLS1Protocol},
 		}
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@ -781,9 +781,6 @@ func (p *Provider) buildMessage() dynamic.Message {
 			Certificate: traefiktls.Certificate{
 				CertFile: traefiktls.FileOrContent(cert.Certificate.Certificate),
 				KeyFile:  traefiktls.FileOrContent(cert.Key),
-				OCSP: traefiktls.OCSPConfig{
-					DisableStapling: true,
-				},
 			},
 			Stores: []string{cert.Store},
 		}
--- a/pkg/provider/consulcatalog/connect_tls.go
+++ b/pkg/provider/consulcatalog/connect_tls.go
@ -26,9 +26,6 @@ func (c *connectCert) getLeaf() traefiktls.Certificate {
 	return traefiktls.Certificate{
 		CertFile: traefiktls.FileOrContent(c.leaf.cert),
 		KeyFile:  traefiktls.FileOrContent(c.leaf.key),
-		OCSP: traefiktls.OCSPConfig{
-			DisableStapling: false,
-		},
 	}
 }

--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@ -943,9 +943,6 @@ func buildTLSStores(ctx context.Context, client Client) (map[string]tls.Store, m
 			tlsStore.DefaultCertificate = &tls.Certificate{
 				CertFile: tls.FileOrContent(cert),
 				KeyFile:  tls.FileOrContent(key),
-				OCSP: tls.OCSPConfig{
-					DisableStapling: false,
-				},
 			}
 		}

@ -1032,9 +1029,6 @@ func getTLS(k8sClient Client, secretName, namespace string) (*tls.CertAndStores,
 		Certificate: tls.Certificate{
 			CertFile: tls.FileOrContent(cert),
 			KeyFile:  tls.FileOrContent(key),
-			OCSP: tls.OCSPConfig{
-				DisableStapling: false,
-			},
 		},
 	}, nil
 }
--- a/pkg/provider/kubernetes/gateway/kubernetes.go
+++ b/pkg/provider/kubernetes/gateway/kubernetes.go
@ -1357,9 +1357,6 @@ func getTLS(k8sClient Client, secretName v1alpha2.ObjectName, namespace string)
 		Certificate: tls.Certificate{
 			CertFile: tls.FileOrContent(cert),
 			KeyFile:  tls.FileOrContent(key),
-			OCSP: tls.OCSPConfig{
-				DisableStapling: false,
-			},
 		},
 	}, nil
 }
--- a/pkg/provider/kubernetes/ingress/kubernetes.go
+++ b/pkg/provider/kubernetes/ingress/kubernetes.go
@ -428,9 +428,6 @@ func getCertificates(ctx context.Context, ingress *networkingv1.Ingress, k8sClie
 				Certificate: tls.Certificate{
 					CertFile: tls.FileOrContent(cert),
 					KeyFile:  tls.FileOrContent(key),
-					OCSP: tls.OCSPConfig{
-						DisableStapling: false,
-					},
 				},
 			}
 		}
--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@ -209,7 +209,7 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) {
 		if bestCertificate != nil {
 			err := bestCertificate.StapleOCSP()
 			if err != nil {
-				log.WithoutContext().Warnf("ocsp - error during stable: %w", err)
+				log.WithoutContext().Warnf("ocsp - error during staple: %w", err)
 			}

 			return bestCertificate.Certificate, nil