Hello,
Am 14.06.2016 um 18:31 schrieb Thijs Kinkhorst:
If so, I'd like it to become possible, because I'd prefer to be able to
set this entirely via the socket approach, and not having to special
case the initial condition where the response was not present.
But then you will have a race condition between the haproxy
start/reload/restart and when you actually insert the OCSP response in
haproxy; a time frame where haproxy won't serve ocsp responses to the
client and that seems like it would defeat the purpose of OCSP.
If you use must-stable, then you are actually self-DoSing your self.
But yes, PiBa-NL is right, just leave the file empty if thats what you
want [1].
Regards,
Lukas
[1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt
