Copilot commented on code in PR #12952: URL: https://github.com/apache/trafficserver/pull/12952#discussion_r2914371465
########## doc/release-notes/upgrading.en.rst: ########## @@ -182,6 +182,16 @@ The following :file:`records.yaml` changes have been made: allocating iobuffers and cache volumes from hugepages if configured in the system. - The records.yaml entry ``proxy.config.plugin.compiler_path`` has been added to specify an optional compiler tool path for compiling plugins. +- If OCSP stapling is enabled, ATS 10 and later fetch OCSP responses through + FetchSM instead of OpenSSL. Add the OCSP responder URL from the certificate + to :file:`remap.config`. For example, a certificate that uses + ``http://ocsp.digicert.com/`` needs the following mapping: + + .. code-block:: none + + map http://ocsp.digicert.com/ http://ocsp.digicert.com/ + + See :ref:`admin-ocsp-stapling` for more details. Review Comment: This new bullet is placed under 'The following records.yaml changes have been made', but it describes a `remap.config` requirement (not a `records.yaml` change). Consider moving this note to a more appropriate upgrade subsection (e.g., SSL/OCSP, or a general 'behavior changes' section) to avoid misleading readers. ########## doc/admin-guide/security/index.en.rst: ########## @@ -334,6 +334,14 @@ Authority Information Access field of the signed certificate. For example:: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt +Before ATS 10, OCSP fetches were handled by OpenSSL. Starting in ATS 10, +|TS| performs the OCSP fetch itself through FetchSM, so the OCSP responder URL Review Comment: Line 338 has `||TS|` (double pipe), which will render incorrectly in Sphinx and likely break the `|TS|` substitution. Replace it with `|TS|`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
