@small-tech/auto-encrypt 4.1.3 → 4.2.0
- package/index.js +1 -77
- package/package.json +2 -3
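--- a/package/index.js
+++ b/package/index.js
@@ -14,7 +14,6 @@
 import os from 'os'
 import util from 'util'
 import https from 'https'
-import ocsp from 'ocsp'
 import monkeyPatchTls from './lib/staging/monkeyPatchTls.js'
 import LetsEncryptServer from './lib/LetsEncryptServer.js'
 import Configuration from './lib/Configuration.js'
@@ -77,9 +76,6 @@ export default class AutoEncrypt {
 */
 static get https () { return AutoEncrypt }
 
-
-static ocspCache = null
-
 /**
 * Automatically manages Let’s Encrypt certificate provisioning and renewal for Node.js
 * https servers using the HTTP-01 challenge on first hit of an HTTPS route via use of
@@ -174,7 +170,7 @@ export default class AutoEncrypt {
 }
 }
 
-const server =
+const server = https.createServer(options, listener)
 
 //
 // Monkey-patch the server.
@@ -212,25 +208,11 @@ export default class AutoEncrypt {
 }
 
 
-/**
-* The OCSP module does not have a means of clearing its cache check timers
-* so we do it here. (Otherwise, the test suite would hang.)
-*/
-static clearOcspCacheTimers () {
-if (this.ocspCache !== null) {
-const cacheIds = Object.keys(this.ocspCache.cache)
-cacheIds.forEach(cacheId => {
-clearInterval(this.ocspCache.cache[cacheId].timer)
-})
-}
-}
-
 /**
 * Shut Auto Encrypt down. Do this before app exit. Performs necessary clean-up and removes
 * any references that might cause the app to not exit.
 */
 static shutdown () {
-this.clearOcspCacheTimers()
 this.certificate.stopCheckingForRenewal()
 }
 
@@ -238,64 +220,6 @@ export default class AutoEncrypt {
 // Private.
 //
 
-/**
-* Adds Online Certificate Status Protocol (OCSP) stapling (also known as TLS Certificate Status Request extension)
-* support to the passed server instance.
-*
-* @private
-* @param {https.Server} server HTTPS server instance without OCSP Stapling support.
-* @returns {https.Server} HTTPS server instance with OCSP Stapling support.
-*/
-static addOcspStapling(server) {
-// OCSP stapling
-//
-// Many browsers will fetch OCSP from Let’s Encrypt when they load your site. This is a performance and privacy
-// problem. Ideally, connections to your site should not wait for a secondary connection to Let’s Encrypt. Also,
-// OCSP requests tell Let’s Encrypt which sites people are visiting. We have a good privacy policy and do not record
-// individually identifying details from OCSP requests, we’d rather not even receive the data in the first place.
-// Additionally, we anticipate our bandwidth costs for serving OCSP every time a browser visits a Let’s Encrypt site
-// for the first time will be a big part of our infrastructure expense.
-//
-// By turning on OCSP Stapling, you can improve the performance of your website, provide better privacy protections
-// … and help Let’s Encrypt efficiently serve as many people as possible.
-//
-// (Source: https://letsencrypt.org/docs/integration-guide/implement-ocsp-stapling)
-
-this.ocspCache = new ocsp.Cache()
-const cache = this.ocspCache
-
-server.on('OCSPRequest', (certificate, issuer, callback) => {
-
-if (certificate == null) {
-return callback(new Error('Cannot OCSP staple: certificate not yet provisioned.'))
-}
-
-ocsp.getOCSPURI(certificate, function(error, uri) {
-if (error) return callback(error)
-if (uri === null) return callback()
-
-const request = ocsp.request.generate(certificate, issuer)
-
-cache.probe(request.id, (error, cached) => {
-if (error) return callback(error)
-
-if (cached !== false) {
-return callback(null, cached.response)
-}
-
-const options = {
-url: uri,
-ocsp: request.data
-}
-
-cache.request(request.id, options, callback);
-})
-})
-})
-
-return server
-}
-
 // Custom object description for console output (for debugging).
 static [util.inspect.custom] () {
 return `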
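Review bot: The new `const server = https.createServer(options, listener)` in the third hunk (the enclosing method starts and ends outside the hunk) drops OCSP stapling from every server this class builds, yet nothing on the new side records that the behaviour changed or why, and the shutdown JSDoc still promises "necessary clean-up" now that the OCSP timer clearing is gone. A short comment above that line, such as `// OCSP stapling is no longer configured here (removed in 4.2.0); the server does not answer the TLS status_request extension`, would tell the next maintainer not to look for it. If the removal tracks Let's Encrypt retiring its OCSP responders, state that in the same comment so the decision is traceable. Deployments that relied on stapling (for example a certificate issued with the Must-Staple extension, which this diff does not show either way) should be warned in the CHANGELOG/README, which are outside this diff.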
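--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@small-tech/auto-encrypt",
-"version": "4.
+"version": "4.2.0",
 "description": "Automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten, Polka, Express.js, etc.)",
 "engines": {
 "node": ">=18.20.0"
@@ -68,8 +68,7 @@
 "encodeurl": "^1.0.2",
 "jose": "^1.28.2",
 "moment": "^2.29.4",
-"node-forge": "^1.3.1"
-"ocsp": "^1.2.0"
+"node-forge": "^1.3.1"
 },
 "devDependencies": {
 "@small-tech/esm-tape-runner": "^1.0.3",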