On Fri, Jun 21, 2019 at 01:28:03PM +0200, Reyk Floeter wrote:
> On Thu, Jun 20, 2019 at 07:58:10PM +0200, Bruno Flueckiger wrote:
> > Hi,
> >
> > The patch below adds OCSP stapling to the TLS server in relayd(8). The
> > OCSP response is read from a binary encoded DER file that can be created
> > using ocspcheck(8).
> >
> > If a file with the same name as the certificate and private key files is
> > found, its content is loaded and OCSP stapling is active. If there is no
> > file or loading its content fails, OCSP stapling remains disabled.
> >
> > relayd(8) uses the same mechanism it uses to find the certificate file,
> > only the file name extension is different: .der instead of .pem
> >
>
> I had this diff finished more than a month ago, but it had to wait for
> the SNI diff to go in. It is surprisingly similar to your version
> except some minor difference in relay_tls_ctx_create(), the man page,
> and the fact that I've decided for using ".ocsp" instead of ".der" for
> the ending (as .der could be anything).
>
> OK?

Reads fine. Would be nice to hear that this works for Bruno, but it is ok tb