2017-03-08 17:39 GMT+01:00 Olivier Doucet <[email protected]>: > With your patch, I can see that you adressed an issue I had : I cannot send > an ocsp refresh to a certificate that do not hold an ocsp signature. It > seems you succeed in that by providing at least an empty file. That's a > start. > Can it be possible to modify current source code, to not provide any ocsp > file on startup but still accept OCSP refresh through haproxy socket ?
Probably, I've been also annoyed with this behavior for some time (empty .ocsp files do work, but generate a lot of warnings for me). Maybe I'll find some time to look into this later. Regardless, this patch is rather safe and should probably be applied anyway, if there are no concerns about it (and probably backported to 1.7). -- Janusz Dziemidowicz
