10 releases
| Version | Released |
|---|---|
| 0.4.5 (new) | Apr 14, 2025 |
| 0.4.4 | Mar 8, 2025 |
| 0.4.2 | Feb 25, 2025 |
| 0.4.1 | May 27, 2024 |
| 0.1.1 | May 24, 2024 |
#992 in Network programming
5,295 downloads per month
37KB
733 lines
Warning
Be advised that Let's Encrypt has, sadly, decided to drop support for OCSP stapling in 2025. If you were planning to use this crate with Let's Encrypt, soon it won't be possible.
ocsp-stapler
OCSP stapler for Rustls.
- OCSP `Client` that can be used separately
- `Stapler` wraps an `Arc<dyn ResolvesServerCert>` trait object and automatically staples all certificates provided by it
Please see the docs for more details.
Example
```rust
use std::sync::Arc;

// Read the chain & private key and combine them into CertifiedKey
let certs = std::fs::read("chain.pem").unwrap();
let certs = rustls_pemfile::certs(&mut certs.as_ref()).collect::<Result<Vec<_>, _>>().unwrap();
let key = std::fs::read("private.pem").unwrap();
// private_key() returns Result<Option<_>>: unwrap the I/O result, then the key itself
let key = rustls_pemfile::private_key(&mut key.as_ref())
    .unwrap()
    .expect("no private key found in private.pem");
let key = rustls::crypto::ring::sign::any_supported_type(&key).unwrap();
let ckey = rustls::sign::CertifiedKey::new(certs, key);

// Inner service that provides certificates to Rustls, can be anything
let mut inner = rustls::server::ResolvesServerCertUsingSni::new();
inner.add("crates.io", ckey).unwrap();

// Create a Stapler wrapping inner resolver
let stapler = Arc::new(ocsp_stapler::Stapler::new(inner));

// Then you can build & use ServerConfig wherever applicable
let server_config = rustls::server::ServerConfig::builder()
    .with_no_client_auth()
    .with_cert_resolver(stapler.clone());

// Stop the background worker to clean up resources
// (stop() is awaited, so call it from an async context)
stapler.stop().await;
```
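To illustrate the resolver-wrapping idea behind `Stapler`, here is a simplified std-only model added as an example; it is not the crate's code or API. `CertKey`, `Resolver`, `Staple`, `StaplingResolver` and `BySni` are hypothetical stand-ins, and the rule of stapling only while the cached response is inside its validity window is an assumption of the example.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

// Hypothetical stand-ins for rustls' CertifiedKey and ResolvesServerCert.
pub struct CertKey { pub leaf: Vec<u8>, pub ocsp: Option<Vec<u8>> }
pub trait Resolver: Send + Sync {
    fn resolve(&self, sni: &str) -> Option<Arc<CertKey>>;
}

// Cached OCSP response (DER bytes) with its validity window in Unix seconds.
pub struct Staple { pub der: Vec<u8>, pub this_update: u64, pub next_update: u64 }

// Wraps any resolver and attaches a cached, still-valid OCSP response.
pub struct StaplingResolver {
    inner: Arc<dyn Resolver>,
    cache: RwLock<HashMap<Vec<u8>, Staple>>, // keyed by leaf certificate bytes
}

impl StaplingResolver {
    pub fn new(inner: Arc<dyn Resolver>) -> Self { Self { inner, cache: RwLock::new(HashMap::new()) } }
    // A background refresher would call this after validating a response.
    pub fn store(&self, leaf: Vec<u8>, staple: Staple) { self.cache.write().unwrap().insert(leaf, staple); }
    // `now` is a parameter so the expiry check can be exercised without a clock.
    pub fn resolve_at(&self, sni: &str, now: u64) -> Option<Arc<CertKey>> {
        let ckey = self.inner.resolve(sni)?;
        let cache = self.cache.read().unwrap();
        // Staple only inside [this_update, next_update); else serve the bare certificate.
        let fresh = cache.get(&ckey.leaf).filter(|s| s.this_update <= now && now < s.next_update);
        Some(match fresh {
            Some(s) => Arc::new(CertKey { leaf: ckey.leaf.clone(), ocsp: Some(s.der.clone()) }),
            None => ckey,
        })
    }
}

// Constructed sample inner resolver: one certificate per SNI name.
pub struct BySni(pub HashMap<String, Arc<CertKey>>);
impl Resolver for BySni {
    fn resolve(&self, sni: &str) -> Option<Arc<CertKey>> { self.0.get(sni).cloned() }
}

fn main() {
    let leaf = b"constructed-leaf".to_vec(); // placeholder bytes, not a real certificate
    let ck = Arc::new(CertKey { leaf: leaf.clone(), ocsp: None });
    let s = StaplingResolver::new(Arc::new(BySni(HashMap::from([("crates.io".to_string(), ck)]))));
    s.store(leaf, Staple { der: vec![0x30, 0x03], this_update: 100, next_update: 200 });
    println!("stapled at t=150: {}", s.resolve_at("crates.io", 150).unwrap().ocsp.is_some());
}
```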
Dependencies
~28–41MB
~746K SLoC