10 releases

new 0.4.5 Apr 14, 2025
0.4.4 Mar 8, 2025
0.4.2 Feb 25, 2025
0.4.1 May 27, 2024
0.1.1 May 24, 2024

#992 in Network programming

Download history 1/week @ 2025-01-30 14/week @ 2025-02-06 11/week @ 2025-02-13 112/week @ 2025-02-20 321/week @ 2025-02-27 1533/week @ 2025-03-06 1190/week @ 2025-03-13 1340/week @ 2025-03-20 1259/week @ 2025-03-27 1267/week @ 2025-04-03 1220/week @ 2025-04-10

5,295 downloads per month

MPL-2.0 license

37KB
733 lines

Warning

Be advised that LetsEncrypt, sadly, decided to drop support for OCSP stapling in 2025. So if you were planning to use this crate with LetsEncrypt - soon it won't be possible.

ocsp-stapler

crates.io Documentation MPL-2 Licensed

OCSP stapler for Rustls.

  • OCSP Client that can be used separately
  • Stapler wraps Arc<dyn ResolvesServerCert> trait object and automatically staples all certificates provided by it

Please see the docs for more details.

Example

// Read the chain & private key and combine them into CertifiedKey
let certs = std::fs::read("chain.pem").unwrap();
let certs = rustls_pemfile::certs(&mut certs.as_ref()).collect::<Result<Vec<_>, _>>().unwrap();

let key = std::fs::read("private.pem").unwrap();
let key = rustls_pemfile::private_key(&mut key.as_ref()).unwrap();
let key = rustls::crypto::ring::sign::any_supported_type(&key).unwrap();

let ckey = rustls::sign::CertifiedKey::new(certs, key);

// Inner service that provides certificates to Rustls, can be anything
let mut inner = rustls::server::ResolvesServerCertUsingSni::new();
inner.add("crates.io", ckey).unwrap();

// Create a Stapler wrapping inner resolver
let stapler = Arc::new(ocsp_stapler::Stapler::new(inner));

// Then you can build & use ServerConfig wherever applicable
let server_config = rustls::server::ServerConfig::builder()
        .with_no_client_auth()
        .with_cert_resolver(stapler.clone());

// Stop the background worker to clean up resources
stapler.stop().await;

Dependencies

~28–41MB
~746K SLoC