Hi Igor,
> Hi, list
>
> I enable OCSP with empty .ocsp file, but it seems not work,
> https://www.ssllabs.com/ssltest/ reports "OCSP No".
>
> If do "openssl ocsp -issuer s.pem.issuer -cert s.pem -url
> http://ocsp.startssl.com/sub/class2/server/ca -header "HOST"
> "ocsp.startssl.com" -respout s.pem.ocsp", so it works, ssllabs reports
> "OCSP Yes".
>
> May be like this issue: http://trac.nginx.org/nginx/ticket/465 ?
Expected behavior. HAproxy has no dns resolver and does not
automatically download ocsp informations.
*YOU* need to provide the OCSP data externally, and haproxy will
forward it.
The nginx implementation does everything on its own, the haproxy
implementation does absolutely not do that.
Regards,
Lukas