Sooo..
Pretty sure mlucas has uncovered a problem with the ocsp interface.
Basically I didn't attach it to the keypair, (yes Joel, I think you
told me so) so it only works with the master keypair.. OK, but the
problem is that it also returns the staple for other keypairs which is
wrong.
On Fri, Jan 27, 2017 at 09:53:25PM +, Bob Beck wrote:
>On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas
> Or a misconfiguration. ? show configs
Configs follow.
# cat /etc/httpd.conf
include "/etc/sites/www3.conf"
include "/etc/sites/www4.conf"
www3.conf:
server "www3.mwlucas.org" {
On Fri, Jan 27, 2017 at 15:23 Stuart Henderson wrote:
> On 2017/01/27 22:09, Bob Beck wrote:
> > I think you have more issues than ocsp. if that's the same host you can't
> > have two different tls certs on the same ip. and you have them both on
> > *443
On 2017/01/27 22:09, Bob Beck wrote:
> I think you have more issues than ocsp. if that's the same host you can't
> have two different tls certs on the same ip. and you have them both on
> *443
>
> try using a separate ip for each
Wasn't SNI support added to httpd already?
I think you have more issues than ocsp. if that's the same host you can't
have two different tls certs on the same ip. and you have them both on
*443
try using a separate ip for each
On Fri, Jan 27, 2017 at 15:03 Michael W. Lucas
wrote:
> On Fri, Jan 27, 2017 at
On Fri, Jan 27, 2017 at 14:12 Michael W. Lucas
wrote:
> On Fri, Jan 27, 2017 at 02:50:29PM -0500, Michael W. Lucas wrote:
> > On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote:
> > > That looks like a web server bug, it shouldn't return a staple
On Fri, Jan 27, 2017 at 02:50:29PM -0500, Michael W. Lucas wrote:
> On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote:
> > That looks like a web server bug, it shouldn't return a staple
> > in that case. What software are you using for that?
>
> OpenBSD httpd, of course.
On Fri, Jan 27, 2017 at 06:49:06PM +, Stuart Henderson wrote:
> That looks like a web server bug, it shouldn't return a staple
> in that case. What software are you using for that?
OpenBSD httpd, of course. amd64 snapshot downloaded yesterday from
ftp3.usa.openbsd.org.
==ml
--
Michael
On 2017/01/27 13:10, Michael W. Lucas wrote:
> Hi,
>
> Not sure if this is an expected part of OCSP or a bug.
>
> I've configured two TLS sites on one host, one with OCSP stapling
> (www3.mwlucas.org) and one without (www4.mwlucas.org). The OCSP site
> works fine, but the non-OCSP site generates
Hi,
Not sure if this is an expected part of OCSP or a bug.
I've configured two TLS sites on one host, one with OCSP stapling
(www3.mwlucas.org) and one without (www4.mwlucas.org). The OCSP site
works fine, but the non-OCSP site generates an err.
It *appears* that queries to the non-OCSP site