On 6/2/2015 1:29 PM, Andrew Hayworth wrote: > On Tue, Jun 2, 2015 at 2:16 PM, Shawn Heisey <hapr...@elyograg.org> wrote: >> My script may update a dozen ocsp responses all used by a single haproxy >> process ... so when I am using the stats socket to set the ocsp >> response, how do I tell haproxy which of the certificates it is using >> needs that response? Do I need to diffeentiate them, or simply send all >> the ocsp responses in via the stats socket? > > No, you do not need to differentiate them. HAProxy will parse needed > information out of the base64-encoded response.
Thanks for the extremely helpful pointer! Now I have an updated script that makes everything work right, by sending every updated OCSP response to the haproxy stats socket. https://gist.github.com/elyograg/4b4703c3b7503c1f259e Thanks, Shawn