Hi,
I tried to add sctl extension to multi certificate bundles the same way
ocsp extensions.
I created a .sctl per certificate:
example.pem.rsa
example.pem.rsa.sctl
example.pem.ecdsa
example.pem.ecdsa.sctl
But this doesn't work, after reading the docs I found out that haproxy
doesn't support sctl for multi-cert configurations
OSCP files (.ocsp) and issuer files (.issuer) are supported with
multi-cert bundling. Each certificate can have its own .ocsp and .issuer
file. At this time, sctl is not supported in multi-certificate bundling.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After reading the mailing list archive I found the multi-cert commit
with a comment by Janusz Dziemidowicz, he says that sctl should work the
same way like ocsp in multi-cert bundles.
https://www.mail-archive.com/haproxy@formilux.org/msg20990.html
But after this message nobody talked any longer about sctl and
multi-cert support.
Is there a technical reason or could it be implemented?
thx
--
Harald Leithner
ITronic
Wiedner Hauptstraße 120/5.1, 1050 Wien, Austria
Tel: +43-1-545 0 604
Mobil: +43-699-123 78 4 78
Mail: leith...@itronic.at | itronic.at
