Adjust OCSP Stapling

transport/internet/tls/config.go

@@ -1,15 +1,14 @@
 package tls
 
 import (
-	"bytes"
 	"crypto/tls"
 	"crypto/x509"
-	"github.com/xtls/xray-core/common/ocsp"
 	"strings"
 	"sync"
 	"time"
 
 	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/ocsp"
 	"github.com/xtls/xray-core/common/protocol/tls/cert"
 	"github.com/xtls/xray-core/transport/internet"
 )
@@ -45,7 +44,7 @@ func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
 // BuildCertificates builds a list of TLS certificates from proto definition.
 func (c *Config) BuildCertificates() []tls.Certificate {
 	certs := make([]tls.Certificate, 0, len(c.Certificate))
-	for i, entry := range c.Certificate {
+	for _, entry := range c.Certificate {
 		if entry.Usage != Certificate_ENCIPHERMENT {
 			continue
 		}
@@ -56,22 +55,17 @@ func (c *Config) BuildCertificates() []tls.Certificate {
 		}
 		certs = append(certs, keyPair)
 		if entry.OcspStapling != 0 {
-			*&certs[i].OCSPStaple, _ = ocsp.GetOCSPForCert(keyPair.Certificate)
-			go func(ocspData *[]byte) {
-				t := time.NewTicker(time.Second * time.Duration(entry.OcspStapling))
+			go func(cert *tls.Certificate) {
+				t := time.NewTicker(time.Duration(entry.OcspStapling) * time.Second)
 				for {
-					select {
-					case <-t.C:
-						newOCSPData, err := ocsp.GetOCSPForCert(keyPair.Certificate)
-						if err != nil {
-							newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
-						}
-						if len(newOCSPData) != len(*ocspData) && !bytes.Equal(*ocspData, newOCSPData) {
-							*ocspData = newOCSPData
-						}
+					if newData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil {
+						newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
+					} else if string(newData) != string(cert.OCSPStaple) {
+						cert.OCSPStaple = newData
 					}
+					<-t.C
 				}
-			}(&certs[i].OCSPStaple)
+			}(&certs[len(certs)-1])
 		}
 	}
 	return certs