Hey Willy, On 12/8/15, 5:27 PM, "Willy Tarreau" <[email protected]> wrote: > >In my opinion, these suffixes should be used only after the real cert >file name. So when you load "foobar.ecdsa", you should only consider >"foobar.ecdsa.ocsp" and so on. And from what I remember, on the CLI >we mention the cert name when feeding an OCSP entry so that should >continue to work perfectly.
I agree, the limitation here is that the way HAProxy is current designed only allows for 1 OCSP staple per SSL_CTX. This will have to change to multiple staples for SSL_CTX¹s with multiple certs. > >I do think so. We'll just have to remerge 4, 5 and 6 into their respective >patches (2 apparently) and we're good to go. If Emeric doesn't raise any >objection (apparently you addressed his concerns) I can merge all that >myself. >If you prefer to remerge the patches above yourself, no problem for me. I can remerge everything into 3 patches, it will be cleaner that way. I¹ll send them out tomorrow. Thanks! -Dave
