Merge pull request #3069 from sagi/must_staple

Autoconfigure OCSP Stapling with --must-staple

certbot/cli.py

@@ -343,6 +343,9 @@ class HelpfulArgumentParser(object):
         if parsed_args.csr:
             self.handle_csr(parsed_args)
 
+        if parsed_args.must_staple:
+            parsed_args.staple = True
+
         hooks.validate_hooks(parsed_args)
 
         return parsed_args

certbot/interfaces.py

@@ -201,9 +201,9 @@ class IConfig(zope.interface.Interface):
         "Email used for registration and recovery contact.")
     rsa_key_size = zope.interface.Attribute("Size of the RSA key.")
     must_staple = zope.interface.Attribute(
-        "Whether to request the OCSP Must Staple certificate extension. "
-        "Additional setup may be required after issuance. This does not "
-        "currently autoconfigure web servers for OCSP stapling. ")
+        "Adds the OCSP Must Staple extension to the certificate. "
+        "Autoconfigures OCSP Stapling for supported setups "
+        "(Apache version >= 2.3.3 ).")
 
     config_dir = zope.interface.Attribute("Configuration directory.")
     work_dir = zope.interface.Attribute("Working directory.")

certbot/tests/cli_test.py

@@ -422,6 +422,13 @@ class CLITest(unittest.TestCase):  # pylint: disable=too-many-public-methods
             for arg in conflicting_args:
                 self.assertTrue(arg in error.message)
 
+    def test_must_staple_flag(self):
+        parse = self._get_argument_parser()
+        short_args = ['--must-staple']
+        namespace = parse(short_args)
+        self.assertTrue(namespace.must_staple)
+        self.assertTrue(namespace.staple)
+
     def test_staging_flag(self):
         parse = self._get_argument_parser()
         short_args = ['--staging']