[
https://issues.apache.org/jira/browse/TS-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14251190#comment-14251190
]
Alan M. Carroll commented on TS-3186:
-------------------------------------
I've reviewed the internal request on which this is based and I think the goal
is reasonable. To answer James' questions again, the issue is that the ATS is
operating in reverse proxy and is restricted in the set of hosts to which it
can connect. E.g., only the CDN hosts. These hosts do not include the OCSP
origins which is why (1) a proxy is needed and (2) is only needed for OCSP
operations. All normal HTTP requests will be remapped to accessible hosts. In
effect, you can think of this as a special remap rule for OCSP, since you can't
do that in the normal remap logic.
As purely a style question, would it be better to have a single value that is
host and port in the usual style, e.g. "ocsp.proxy.server.com:8001"?
> support ocsp queries through a proxy
> -------------------------------------
>
> Key: TS-3186
> URL: https://issues.apache.org/jira/browse/TS-3186
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: Atsutomo Kotani
> Assignee: Alan M. Carroll
> Fix For: 5.3.0
>
> Attachments: ocsp_proxy.diff
>
>
> When ATS behind http proxy, it need ocsp queries through http proxy for ocsp
> stapling.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
