refactor: fix typo, add more detail, rename option to be more clear

etc/emqx.conf

@@ -1521,11 +1521,12 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## Value: File
 listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 
-## Wheter to enable OCSP for the listener.
+## Whether to enable OCSP stapling for the listener.  If set to true,
+## requires definining the OCSP responder URL.
 ##
 ## Value: boolean
 ## Default: false
-## listener.ssl.external.enable_ocsp = true
+## listener.ssl.external.enable_ocsp_stapling = true
 
 ## URL for the OCSP responder to check the server certificate against.
 ##

priv/emqx.schema

@@ -1679,7 +1679,7 @@ end}.
   {datatype, {duration, ms}}
 ]}.
 
-{mapping, "listener.ssl.$name.enable_ocsp", "emqx.listeners", [
+{mapping, "listener.ssl.$name.enable_ocsp_stapling", "emqx.listeners", [
   {default, false},
   {datatype, {enum, [true, false]}}
 ]}.
@@ -2242,7 +2242,7 @@ end}.
                           {supported_subprotocols, string:tokens(cuttlefish:conf_get(Prefix ++ ".supported_subprotocols", Conf, ""), ", ")},
                           {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
                           {peer_cert_as_clientid, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_clientid", Conf, undefined)},
-                          {ocsp_enabled, cuttlefish:conf_get(Prefix ++ ".enable_ocsp", Conf, undefined)},
+                          {ocsp_stapling_enabled, cuttlefish:conf_get(Prefix ++ ".enable_ocsp_stapling", Conf, undefined)},
                           {ocsp_responder_url, cuttlefish:conf_get(Prefix ++ ".ocsp_responder_url", Conf, undefined)},
                           {ocsp_issuer_pem, cuttlefish:conf_get(Prefix ++ ".ocsp_issuer_pem", Conf, undefined)},
                           {ocsp_refresh_interval, cuttlefish:conf_get(Prefix ++ ".ocsp_refresh_interval", Conf, undefined)},

src/emqx_ocsp_cache.erl

@@ -98,7 +98,7 @@ inject_sni_fun(Listener = #{proto := Proto, name := Name, opts := Options0}) ->
     %% because otherwise an anonymous function will end up in
     %% `app.*.config'...
     ListenerID = emqx_listeners:identifier(Listener),
-    case proplists:get_bool(ocsp_enabled, Options0) of
+    case proplists:get_bool(ocsp_stapling_enabled, Options0) of
         false ->
             Options0;
         true ->
@@ -182,7 +182,7 @@ code_change(_Vsn, State, _Extra) ->
         lists:filter(
           fun(#{opts := Opts}) ->
                   undefined =/= proplists:get_value(ocsp_responder_url, Opts) andalso
-                      false =/= proplists:get_bool(ocsp_enabled, Opts)
+                      false =/= proplists:get_bool(ocsp_stapling_enabled, Opts)
           end,
           emqx:get_env(listeners, [])),
     PatchedListeners = [L#{opts => ?MODULE:inject_sni_fun(L)} || L <- ListenersToPatch],

test/emqx_ocsp_cache_SUITE.erl

@@ -96,7 +96,7 @@ init_per_testcase(t_openssl_client, Config) ->
                             , {cacertfile, CACert}
                             ]),
                 Opts1 = proplists:delete(ssl_options, Opts0),
-                Opts2 = emqx_misc:merge_opts(Opts1, [ {ocsp_enabled, true}
+                Opts2 = emqx_misc:merge_opts(Opts1, [ {ocsp_stapling_enabled, true}
                                                     , {ocsp_responder_url, "http://127.0.0.1:9877"}
                                                     , {ocsp_issuer_pem, IssuerPem}
                                                     , {ssl_options, SSLOpts2}]),
@@ -145,7 +145,7 @@ init_per_testcase(_TestCase, Config) ->
         , name => "test_ocsp"
         , opts => [ {ssl_options, [{certfile,
                                     filename:join(DataDir, "server.pem")}]}
-                  , {ocsp_enabled, true}
+                  , {ocsp_stapling_enabled, true}
                   , {ocsp_responder_url, "http://localhost:9877"}
                   , {ocsp_issuer_pem,
                      filename:join(DataDir, "ocsp-issuer.pem")}