matrixji commented on issue #10309:
URL: https://github.com/apache/apisix/issues/10309#issuecomment-1871825482
Co work with @chee003
From my perspective, the tls handshake is handled by lua already. So direct
configure with `ssl_stapling on;` may not work.
apixis's nginx.conf
```
ssl_certificate_by_lua_block {
apisix.stream_ssl_phase()
}
```
Which is similar with nginx-ingress's configures:
```
ssl_certificate_by_lua_block {
certificate.call()
}
```
While in latest nginx-ingress it has ocsp/ocsp-stapling handling inside
`certificate.call`, but apisix seems missing the handling of oscp request. I'm
not sure if it is a good idea for tring to porting the handling of ocsp from
3rd-party like ingress-nginx. If so we're hoping the feature could be provided
from the apisix.
A temp solution may using `clinet -> nginx-ingress -> apisix-gateway ->
app-beckend`, but currently we want just use apisix only(w/o any other
ingress/gateway)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
