bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)
https://www.bunkerweb.io
GNU Affero General Public License v3.0
6.38k stars 360 forks

[FEATURE] Easy Integration of OCSP SSL Stapling #1592

Open Wu-Tek opened 2 weeks ago

Wu-Tek commented 2 weeks ago

What's needed and why?

An easy Environment Integration of OCSP for SSL Stapling. Firefox uses SSL Stapling, and implementing it natively as an ENV VAR would be a benefit, so that everyone can handle OCSP easily. If this is already implemented in the Let's Encrypt plugin, you can implement this ENV variable for CUSTOM_SSL_CERT too.

Implementations ideas (optional)

Code for the /etc/nginx/SERVER_NAME/ssl.conf:

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/cert_chain.pem;

Environment variable for Global and/or Autoconf: CUSTOM_SSL_OCSP=yes

On the backend there could run a script like this:

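# Certificate to staple, taken from the CUSTOM_SSL_CERT setting
SSL_CERT="$CUSTOM_SSL_CERT"
# File that receives the DER-encoded OCSP response
SSL_OCSP_CERTNAME=ocsp.der
# Issuer (CA) certificate used to build the OCSP request
SSL_CA_NAME=ca.cer
# Read the OCSP responder URL from the certificate
OCSP_1=$(openssl x509 -noout -ocsp_uri -in "$SSL_CERT")
# Query the responder and save its response
openssl ocsp -no_nonce -issuer "$SSL_CA_NAME" -cert "$SSL_CERT" -respout "$SSL_OCSP_CERTNAME" -url "$OCSP_1"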

TheophileDiot commented 1 week ago

Hi, thank you for opening this feature request, we'll have a look into it and let you know!
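
Added example, not part of the issue or of BunkerWeb's code: a POSIX shell check that a refresh job could run on the text form of the `ocsp.der` response saved by the script proposed above, accepting it only when the certificate status is `good` and the current time is inside the response's validity window. The function names and the sample response are constructed for illustration; signature verification of the response is left to `openssl ocsp` itself.

```shell
#!/bin/sh
# Input is the text printed by: openssl ocsp -respin ocsp.der -resp_text
# Constructed sample in that layout, not captured from a real responder.
SAMPLE_RESPONSE='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
    Cert Status: good
    This Update: Mar  9 12:00:00 2025 GMT
    Next Update: Mar 16 11:59:59 2025 GMT'

# Convert "Mar  9 12:00:00 2025 GMT" into a sortable stamp: 20250309120000.
ocsp_stamp() {
    printf '%s\n' "$1" | awk '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        gsub(":", "", $3)
        printf "%04d%02d%02d%s\n", $4, m, $2, $3
    }'
}

# ocsp_usable TEXT NOW
# Returns 0 when the status is "good" and NOW lies between This Update and
# Next Update, 1 otherwise. NOW is a UTC stamp, e.g. $(date -u +%Y%m%d%H%M%S).
ocsp_usable() {
    text=$1
    now=$2
    status=$(printf '%s\n' "$text" | sed -n 's/^ *Cert Status: *//p' | head -n 1)
    this=$(printf '%s\n' "$text" | sed -n 's/^ *This Update: *//p' | head -n 1)
    next=$(printf '%s\n' "$text" | sed -n 's/^ *Next Update: *//p' | head -n 1)
    # Anything other than "good" (revoked, unknown, missing) is rejected.
    [ "$status" = "good" ] || return 1
    # A response without both timestamps cannot be checked for freshness.
    [ -n "$this" ] && [ -n "$next" ] || return 1
    # Reject responses dated in the future and responses that have expired.
    [ "$(ocsp_stamp "$this")" -le "$now" ] || return 1
    [ "$now" -lt "$(ocsp_stamp "$next")" ] || return 1
    return 0
}
```

A refresh job would keep serving the previous response when `ocsp_usable` returns non-zero, so a failed or stale fetch never replaces a good one.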