On Mon, Jul 24, 2023 at 07:21:16AM +, Jarno Huuskonen wrote:
> Hello,
>
> On Fri, 2023-07-21 at 17:31 +0200, Remi Tricot-Le Breton wrote:
> > I found the faulty commit for Jarno's issue ("cc346678d MEDIUM: ssl: Add
> > ocsp_certid in ckch structure and discard ocsp buffer early").
> > Here's
Hello,
On Fri, 2023-07-21 at 17:31 +0200, Remi Tricot-Le Breton wrote:
> I found the faulty commit for Jarno's issue ("cc346678d MEDIUM: ssl: Add
> ocsp_certid in ckch structure and discard ocsp buffer early").
> Here's a patch that should fix it. If you want to try it with your
> setups be my
Hello,
On 21/07/2023 14:40, Remi Tricot-Le Breton wrote:
Hello,
On 21/07/2023 11:51, Jarno Huuskonen wrote:
Hi,
On Thu, 2023-07-20 at 20:27 +0200, Sander Klein wrote:
The best thing to do is to test with `openssl s_client -showcerts
-connect some.hostname.nl:443` with both your versions to
Hello,
On 21/07/2023 11:51, Jarno Huuskonen wrote:
Hi,
On Thu, 2023-07-20 at 20:27 +0200, Sander Klein wrote:
The best thing to do is to test with `openssl s_client -showcerts
-connect some.hostname.nl:443` with both your versions to identify what
changed.
I've tested with 'openssl s_client
On 2023-07-21 11:51, Jarno Huuskonen wrote:
If I change the order of ipv4 / ipv6 binds (so bind ipv6@:::443 name
v6ssl... is first) then haproxy(2.8.1) sends ocsp with ipv6 connection
and
not with ipv4.
Hmmm, I cannot reproduce this, but this might be because I have multiple
frontends with
Hi,
On Thu, 2023-07-20 at 20:27 +0200, Sander Klein wrote:
> > The best thing to do is to test with `openssl s_client -showcerts
> > -connect some.hostname.nl:443` with both your versions to identify what
> > changed.
>
> I've tested with 'openssl s_client -showcerts -connect mydomain.com:443
>
On Thu, Jul 20, 2023 at 08:27:08PM +0200, Sander Klein wrote:
> On 2023-07-20 11:14, William Lallemand wrote:
> > On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote:
> >> On 2023-07-19 11:00, William Lallemand wrote:
> >> "show ssl ocsp-resonse" gives me a lot of output like:
> >>
> >>
On 2023-07-20 11:14, William Lallemand wrote:
On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote:
On 2023-07-19 11:00, William Lallemand wrote:
"show ssl ocsp-resonse" gives me a lot of output like:
Certificate ID key : *LONGID*
Certificate path : /parth/to/cert.pem
Certificate ID:
On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote:
> On 2023-07-19 11:00, William Lallemand wrote:
> > On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote:
> >> On 2023-07-17 15:17, William Lallemand wrote:
> >> > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
>
On 2023-07-19 11:00, William Lallemand wrote:
On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote:
On 2023-07-17 15:17, William Lallemand wrote:
> On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
>> Hi,
>>
>> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I
On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote:
> On 2023-07-17 15:17, William Lallemand wrote:
> > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
> >> Hi,
> >>
> >> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I
> >> couldn't
> >> connect to any of
On 2023-07-17 15:17, William Lallemand wrote:
On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
Hi,
I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I
couldn't
connect to any of the sites behind it.
While looking at the error it seems like OCSP is not working
On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote:
> Hi,
>
> I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't
> connect to any of the sites behind it.
>
> While looking at the error it seems like OCSP is not working anymore.
> Right now I have a setup in
Hi,
On 2023-07-14 01:56, Shawn Heisey wrote:
On 7/13/23 09:01, Sander Klein wrote:
I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I
couldn't connect to any of the sites behind it.
While looking at the error it seems like OCSP is not working anymore.
Right now I have a setup
On 7/13/23 17:56, Shawn Heisey wrote:
I do still use this script on one of my servers where I can't get
haproxy's built-in ocsp updating to work right. It is haproxy 2.8.1.
A few minutes ago, I fixed the problem on that server with haproxy's
built-in OCSP updater, so the script is officially
On 7/13/23 09:01, Sander Klein wrote:
I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't
connect to any of the sites behind it.
While looking at the error it seems like OCSP is not working anymore.
Right now I have a setup in which I provision the certificates with the
Hi,
I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't
connect to any of the sites behind it.
While looking at the error it seems like OCSP is not working anymore.
Right now I have a setup in which I provision the certificates with the
corresponding ocsp file next to
17 matches
Mail list logo