Re: OCSP and Startssl

2014-06-29 Thread Lukas Tribus
Hi Igor,


> Hi, list
> 
> I enabled OCSP with an empty .ocsp file, but it does not seem to work;
> https://www.ssllabs.com/ssltest/ reports "OCSP No".
> 
> If I do "openssl ocsp -issuer s.pem.issuer -cert s.pem -url
> http://ocsp.startssl.com/sub/class2/server/ca -header "HOST"
> "ocsp.startssl.com" -respout s.pem.ocsp", then it works and ssllabs
> reports "OCSP Yes".
> 
> Maybe it is like this issue: http://trac.nginx.org/nginx/ticket/465 ?

Expected behavior. HAProxy has no DNS resolver and does not
automatically download OCSP information.

*YOU* need to provide the OCSP data externally, and HAProxy will
forward it.


The nginx implementation does everything on its own; the HAProxy
implementation absolutely does not do that.



Regards,

Lukas
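
The external refresh described in the reply above, sketched as an added example that is not from the thread or from the HAProxy project: a script meant to run periodically that repeats Igor's `openssl ocsp` query and installs the result as the `.ocsp` file. The 12-hour threshold, the script name, the `OPENSSL`/`MAX_AGE_MIN` variables and the reload step are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep the <cert>.ocsp file HAProxy staples fresh.
# Assumed: <cert>.issuer / <cert>.ocsp naming as in Igor's command; 12 h threshold.

OPENSSL=${OPENSSL:-openssl}      # overridable so the logic can be exercised offline
MAX_AGE_MIN=${MAX_AGE_MIN:-720}  # assumed: refetch when the file is older than 12 h

# Succeeds when the file is missing, empty, or older than MAX_AGE_MIN minutes.
# Empty is the case from the thread: HAProxy then has nothing to staple.
needs_refresh() {
    [ -s "$1" ] || return 0
    [ -n "$(find "$1" -mmin +"$MAX_AGE_MIN" 2>/dev/null)" ] && return 0
    return 1
}

# Query responder $2 (Host header $3) for cert $1; install the response as
# $1.ocsp only if the query succeeded and reported the certificate as good.
refresh_ocsp() {
    cert=$1; url=$2; host=$3; tmp="$cert.ocsp.tmp.$$"
    # OpenSSL 1.1.0+ syntax; 1.0.x (as in the thread) takes -header "HOST" "$host".
    out=$("$OPENSSL" ocsp -issuer "$cert.issuer" -cert "$cert" -url "$url" \
            -header "HOST=$host" -respout "$tmp" 2>&1) || { rm -f "$tmp"; return 1; }
    if [ -s "$tmp" ] && printf '%s\n' "$out" | grep -q ": good"; then
        mv -f "$tmp" "$cert.ocsp"   # rename, so HAProxy never reads a partial file
        return 0
    fi
    rm -f "$tmp"                    # keep the previous response on any failure
    return 1
}

# Usage: refresh-ocsp.sh <cert.pem> <responder-url> <responder-host>
if [ "$#" -eq 3 ] && needs_refresh "$1.ocsp"; then
    refresh_ocsp "$1" "$2" "$3" || { echo "OCSP refresh failed for $1" >&2; exit 1; }
    echo "updated $1.ocsp; reload HAProxy so it loads the new response"
fi
```

A failed or non-"good" query leaves the previous `.ocsp` file in place, so a responder outage does not replace a still-valid stapled response with nothing.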

  


OCSP and Startssl

2014-06-29 Thread Igor
Hi, list

I enabled OCSP with an empty .ocsp file, but it does not seem to work;
https://www.ssllabs.com/ssltest/ reports "OCSP No".

If I do "openssl ocsp -issuer s.pem.issuer -cert s.pem -url
http://ocsp.startssl.com/sub/class2/server/ca -header "HOST"
"ocsp.startssl.com" -respout s.pem.ocsp", then it works and ssllabs
reports "OCSP Yes".

Maybe it is like this issue: http://trac.nginx.org/nginx/ticket/465 ?

Bests,
-Igor