Adjust OCSP Stapling

transport/internet/xtls/config.go

@@ -2,7 +2,6 @@ package xtls
 
 import (
 	"crypto/x509"
-	"github.com/xtls/xray-core/common/ocsp"
 	"strings"
 	"sync"
 	"time"
@@ -10,6 +9,7 @@ import (
 	xtls "github.com/xtls/go"
 
 	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/ocsp"
 	"github.com/xtls/xray-core/common/protocol/tls/cert"
 	"github.com/xtls/xray-core/transport/internet"
 )
@@ -43,7 +43,7 @@ func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
 // BuildCertificates builds a list of TLS certificates from proto definition.
 func (c *Config) BuildCertificates() []xtls.Certificate {
 	certs := make([]xtls.Certificate, 0, len(c.Certificate))
-	for i, entry := range c.Certificate {
+	for _, entry := range c.Certificate {
 		if entry.Usage != Certificate_ENCIPHERMENT {
 			continue
 		}
@@ -54,19 +54,17 @@ func (c *Config) BuildCertificates() []xtls.Certificate {
 		}
 		certs = append(certs, keyPair)
 		if entry.OcspStapling != 0 {
-			*&certs[i].OCSPStaple, _ = ocsp.GetOCSPForCert(keyPair.Certificate)
-			go func(ocspData *[]byte) {
-				t := time.NewTicker(time.Second * time.Duration(entry.OcspStapling))
+			go func(cert *xtls.Certificate) {
+				t := time.NewTicker(time.Duration(entry.OcspStapling) * time.Second)
 				for {
-					select {
-					case <-t.C:
-						*ocspData, err = ocsp.GetOCSPForCert(keyPair.Certificate)
-						if err != nil {
-							newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
-						}
+					if newData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil {
+						newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
+					} else if string(newData) != string(cert.OCSPStaple) {
+						cert.OCSPStaple = newData
 					}
+					<-t.C
 				}
-			}(&certs[i].OCSPStaple)
+			}(&certs[len(certs)-1])
 		}
 	}
 	return certs