Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Michael W. Lucas
On Fri, Jan 27, 2017 at 09:53:25PM +, Bob Beck wrote:
>On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas
> Or a misconfiguration. ? show configs

Configs follow.

# cat /etc/httpd.conf
include "/etc/sites/www3.conf"
include "/etc/sites/www4.conf"

www3.conf:

server "www3.mwlucas.org" {

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Bob Beck
On Fri, Jan 27, 2017 at 15:23 Stuart Henderson wrote: > On 2017/01/27 22:09, Bob Beck wrote: > > > I think you have more issues than ocsp. if thats the same host you can't > > > have two different tls certs on the same ip. and you have them both on > > > *443 > > > > > >

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Stuart Henderson
On 2017/01/27 22:09, Bob Beck wrote:
> I think you have more issues than ocsp. if thats the same host you can't
> have two different tls certs on the same ip. and you have them both on
> *443
>
> try using a separate ip for each

Wasn't SNI support added to httpd already?

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Bob Beck
I think you have more issues than ocsp. if thats the same host you can't have two different tls certs on the same ip. and you have them both on *443

try using a separate ip for each

On Fri, Jan 27, 2017 at 15:03 Michael W. Lucas wrote:
> On Fri, Jan 27, 2017 at

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Bob Beck
On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas wrote: > On Fri, Jan 27, 2017 at 02:50:29PM -0500, Michael W. Lucas wrote: > > > On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote: > > > > That looks like a web server bug, it shouldn't return a staple >

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Michael W. Lucas
On Fri, Jan 27, 2017 at 02:50:29PM -0500, Michael W. Lucas wrote:
> On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote:
> > That looks like a web server bug, it shouldn't return a staple
> > in that case. What software are you using for that?
> >
>
> OpenBSD httpd, of course.

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Michael W. Lucas
On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote:
> That looks like a web server bug, it shouldn't return a staple
> in that case. What software are you using for that?

OpenBSD httpd, of course. amd64 snapshot downloaded yesterday from ftp3.usa.openbsd.org.

==ml

--
Michael

Re: err with multiple TLS sites but one OCSP?

2017-01-27 Thread Stuart Henderson
On 2017/01/27 13:10, Michael W. Lucas wrote:
> Hi,
>
> Not sure if this is an expected part of OCSP or a bug.
>
> I've configured two TLS sites on one host, one with OCSP stapling
> (www3.mwlucas.org) and one without (www4.mwlucas.org). The OCSP site
> works fine, but the non-OCSP site generates