This change adds a $ocsp_must_staple flag (defaults to true like before)
that allows generating certificate requests that don't request the
OCSP Must-Staple extension.
This is useful for services that don't (yet) support OCSP stapling,
since compliant clients will otherwise reject the certificate if stapled
OCSP information is not provided by the service.
Furthermore, with this change, the keyUsage extension entries are now
always requested, even if no SANs are available.
--
You might want to review this with --ignore-space-change because of the aligned arrows / assignments.
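
What the flag changes in the generated request, as an added example that is not the module's own template: a shell function that renders an OpenSSL `req` configuration with or without `tlsfeature = status_request`, the OpenSSL configuration name for the Must-Staple extension. The function name `render_csr_cnf`, the section names and the keyUsage values are assumptions.

```shell
#!/bin/sh
# Added example, not the module's template. render_csr_cnf, the section
# names and the keyUsage values are assumptions made for illustration.
# usage: render_csr_cnf <common-name> <must_staple: true|false> [san ...]
render_csr_cnf() {
    cn=$1
    must_staple=$2
    shift 2

    cat <<EOF
[ req ]
prompt             = no
distinguished_name = req_dn
req_extensions     = v3_req

[ req_dn ]
commonName = $cn

[ v3_req ]
keyUsage = digitalSignature, keyEncipherment
EOF
    # keyUsage above is emitted unconditionally, SANs or not.

    # Must-Staple is the TLS Feature extension (RFC 7633) carrying
    # status_request; OpenSSL 1.1.0+ spells it "tlsfeature".
    if [ "$must_staple" = "true" ]; then
        echo "tlsfeature = status_request"
    fi

    # subjectAltName is only requested when SANs were passed.
    if [ "$#" -gt 0 ]; then
        echo "subjectAltName = @alt_names"
        echo
        echo "[ alt_names ]"
        i=1
        for san in "$@"; do
            echo "DNS.$i = $san"
            i=$((i + 1))
        done
    fi
}

# Constructed sample: a service that cannot staple yet, no SANs.
render_csr_cnf legacy.example.com false
```

The output can be passed to `openssl req -new -key <key> -config <file> -out <csr>`, and `openssl req -in <csr> -noout -text` shows whether the TLS Feature extension is present in the request.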