npm - @small-tech/auto-encrypt - Versions diffs - 4.1.3 → 4.3.0 - Mend

@small-tech/auto-encrypt 4.1.3 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js CHANGED Viewed

@@ -174,7 +174,19 @@ export default class AutoEncrypt {
       }
     }
-    const server = this.addOcspStapling(https.createServer(options, listener))
+    const shouldAddOcspMustStaple = certificate.hasOcspMustStaple || false
+    // During the transitionary period where Let’s Encrypt has shut down
+    // OCSP support but there are still servers out there with certificates
+    // that have OCSP stapling because their 6-month validity period isn’t
+    // over, we create the server accordingly based on whether the certificate
+    // has OCSP stapling or not so it works for both cases.
+    // TODO: OCSP support can be fully removed in August 2025. All existing
+    // servers with valid certificates will be non-OCSP at that point.
+    const serverWithoutOcspMustStaple = https.createServer(options, listener)
+     const server = shouldAddOcspMustStaple
+     ? this.addOcspStapling(serverWithoutOcspMustStaple)
+     : serverWithoutOcspMustStaple
     //
     // Monkey-patch the server.

package/lib/Certificate.js CHANGED Viewed

@@ -94,29 +94,32 @@ export default class Certificate {
   #_serialNumber = null
   #_issueDate = null
   #_expiryDate = null
-  get isProvisioned    () { return this.#_pem !== null     }
-  get pem              () { return this.#_pem              }
-  get identity         () { return this.#_identity         }
-  get key              () { return this.#_key              }
-  get serialNumber     () { return this.#_serialNumber     }
-  get issuer           () { return this.#_issuer           }
-  get subject          () { return this.#_subject          }
-  get alternativeNames () { return this.#_alternativeNames }
-  get issueDate        () { return this.#_issueDate        }
-  get expiryDate       () { return this.#_expiryDate       }
-  get renewalDate      () { return this.#renewalDate       }
+  #_hasOcspMustStaple = null
+  get isProvisioned     () { return this.#_pem !== null     }
+  get pem               () { return this.#_pem              }
+  get identity          () { return this.#_identity         }
+  get key               () { return this.#_key              }
+  get serialNumber      () { return this.#_serialNumber     }
+  get issuer            () { return this.#_issuer           }
+  get subject           () { return this.#_subject          }
+  get alternativeNames  () { return this.#_alternativeNames }
+  get issueDate         () { return this.#_issueDate        }
+  get expiryDate        () { return this.#_expiryDate       }
+  get renewalDate       () { return this.#renewalDate       }
+  get hasOcspMustStaple () { return this.#_hasOcspMustStaple }
   set pem (certificatePem) {
     this.#_pem = certificatePem
     const details = this.parseDetails(certificatePem)
-    this.#_serialNumber     = details.serialNumber
-    this.#_issuer           = details.issuer
-    this.#_subject          = details.subject
-    this.#_alternativeNames = details.alternativeNames
-    this.#_issueDate        = moment(details.issuedAt)
-    this.#_expiryDate       = moment(details.expiresAt)
+    this.#_serialNumber      = details.serialNumber
+    this.#_issuer            = details.issuer
+    this.#_subject           = details.subject
+    this.#_alternativeNames  = details.alternativeNames
+    this.#_issueDate         = moment(details.issuedAt)
+    this.#_expiryDate        = moment(details.expiresAt)
+    this.#_hasOcspMustStaple = details.hasOcspMustStaple
     // Display the certificate with a nice border :)
     const logMessagePrefix = '         ❨auto-encrypt❩ '
@@ -370,18 +373,26 @@ export default class Certificate {
     const issuedAt = new Date(certificate.validity.notBefore.value)
     const expiresAt = new Date(certificate.validity.notAfter.value)
     const subject = certificate.subject.value.length > 0 ? certificate.subject.value[0][0].value.toString('utf-8').slice(2).trim() : '(No subject)'
+    let hasOcspMustStaple = false
     const alternativeNames = ((certificate.extensions.filter(extension => {
       return extension.extnID === 'subjectAlternativeName'
     }))[0].extnValue).map(name => name.value)
+    certificate.extensions.forEach(extension => {
+      if (Array.isArray(extension.extnID) && extension.extnID.join('.') === '1.3.6.1.5.5.7.1.24') {
+        hasOcspMustStaple = true
+      }
+    })
     return {
       serialNumber,
       issuer,
       subject,
       alternativeNames,
       issuedAt,
-      expiresAt
+      expiresAt,
+      hasOcspMustStaple
     }
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@small-tech/auto-encrypt",
-  "version": "4.1.3",
+  "version": "4.3.0",
   "description": "Automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten, Polka, Express.js, etc.)",
   "engines": {
     "node": ">=18.20.0"