> I have adapted the stapling init code in trunk to switch to this
> mechanism with r1564760 (just committed). Reviews appreciated, would
> afterwards propose for backport.
>
> Kaspar

FWIW, r1564760 applies without error to 2.4.x and seems to work. It reads the Stapling information from "SSLOpenSSLConfCmd Certificate". The OCSP Stapling information is sent to the client and no errors are occurring.

Kaspar, I ran into another issue when using an encrypted private key and "SSLOpenSSLConfCmd PrivateKey". Again it fails to load the encrypted private key with the following errors:

2014-02-05 18:02:24 foo.bar [ssl|emerg] AH02407: "SSLOpenSSLConfCmd PrivateKey /opt/apache/conf/ssl/foo.bar.key" failed for foo.bar:443
2014-02-05 18:02:24 foo.bar [ssl|emerg] SSL Library Error: error:0906A068:PEM routines:PEM_do_header:bad password read -- You entered an incorrect pass phrase!?
2014-02-05 18:02:24 foo.bar [ssl|emerg] SSL Library Error: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
[Wed Feb 05 18:02:24.877145 2014] [ssl:emerg] [pid 26568] AH02312: Fatal error initialising mod_ssl, exiting.

Works fine with an unencrypted key, though. I do not know whether this is on OpenSSL's part or mod_ssl's.

Falco
