Change supportsOcspStapling from boolean to version based

[gene1wood]

Currently supportsOcspStapling is either true or false for a given server, but for servers that initially didn't support OCSP Stapling, but then added that support at a given version (like lighttpd) neither true nor false is really true.

I suggest updating the behavior

• to continue to accept true and false
• to also accept a version number

[gene1wood]

This would be useful for proftpd for example.

[janbrasna]

@gene1wood All the "supports*"/"uses*"/"show*" bool config values have just display logic attached to them and are only used to enable or disable individual UI components in the form to the end user, whereas the actual support version test must be in the handlebars anyways. (Read: version value for enabling/disabling the input per chosen server version is a nice UX enhancement, but might need to being kept in sync with hbs conditions:/…)

The fact these bool values are only presentational is used e. g. in HSTS where set to false to disable the checkbox in configs where the HSTS is always enabled and can't be disabled — so it's merely a flag to make the UI input disabled (read only), even when there is HSTS support 🤷

I like the way how tls13 uses noSupportedVersion constant with arbitrary high version number to practically mean false in comparisons so that might be the way, incl. consuming the value to hbs for version conditional there in render (and not having to keep the same version number test for stapling support in hbs, just comparing to configs[].* value…) however — I've looked around and several bits in state.js, in form and output, rely on its bool logic and would have to be adapted to support both UI roles and version comparison logic, more like tls13 is being handled with the minver helper.

[gstrauss]

We might start by commenting the version information in src/js/configs.js.

I think HandlebarJS templates are far from ideal and not at all clear places to read specs, even though they implement the specs for display.

[gstrauss]

I submitted #274 to move support version check with supportsOcspStapling. I preserved the existing behavior of "not explicitly false means that supportsOcspStapling is true-ish".

For UX, this logic could be extended with a special value for "supported-but-not-configurable" so that the checkbox in the GUI is not user-modifiable (e.g. to uncheck) when the server always supports OCSP stapling.

Following this pattern for other variables could move more logic out of the templates and into state.js, reducing the size and complexity of the templates.

---

Taking a step back, this issue from 2021 was a 10-minute PR #274 for me. We should have a discussion about making sure that there at least some contributors who have the skills to maintain this project. (For the project-manager-types who might comment that this was not high priority, well then those project managers should have marked this issue as such, or triaged the issue into a wishlist maintained elsewhere.) I have spent longer commenting on this issue than I did writing the code and testing for #274.