On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote:
> On 2023-07-17 15:17, William Lallemand wrote:
> > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
> >> Hi,
> >>
> >> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I
> >> couldn't
> >> connect to any of the sites behind it.
> >>
> >> While looking at the error it seems like OCSP is not working anymore.
> >> Right now I have a setup in which I provision the certificates with
> >> the
> >> corresponding ocsp file next to it. If this not supported anymore?
> >
> > This is supposed to still be working, however we could have introduced
> > bugs when building the ocsp-update. Are you seeing errors during the
> > OCSP file loading?
>
> I don't see any errors, not even when I start haproxy by hand with '-d'.
> It's just like the ocsp isn't used at al. Also started haproxy with
> strace attached and I see the ocsp files are loaded.
>
> Regards,
>
> Sander
>
Did you check with "show ssl ocsp-response" ?
http://docs.haproxy.org/2.8/management.html#show%20ssl%20ocsp-response
--
William Lallemand