On 22.06., Theo Buehler wrote:
> On Fri, Jun 21, 2019 at 01:28:03PM +0200, Reyk Floeter wrote:
> > On Thu, Jun 20, 2019 at 07:58:10PM +0200, Bruno Flueckiger wrote:
> > > Hi,
> > >
> > > The patch below adds OCSP stapling to the TLS server in relayd(8). The
> > > OCSP response is read from a binary encoded DER file that can be created
> > > using ocspcheck(8).
> > >
> > > If a file with the same name as the certificate and private key files is
> > > found, its content is loaded and OCSP stapling is active. If there is no
> > > file or loading its content fails, OCSP stapling remains disabled.
> > >
> > > relayd(8) uses the same mechanism it uses to find the certificate file,
> > > only the file name extension is different: .der instead of .pem
> > >
> >
> > I had this diff finished more than a month ago, but it had to wait for
> > the SNI diff to go in. It is surprisingly similar to your version
> > except some minor difference in relay_tls_ctx_create(), the man page,
> > and the fact that I've decided for using ".ocsp" instead of ".der" for
> > the ending (as .der could be anything).
> >
> > OK?
>
> Reads fine. Would be nice to hear that this works for Bruno, but it is
>
> ok tb
>
I like ".ocsp" better than ".der". And I'm a bit proud that my diff turns out to be good, although late :-).

It works for me.

Bruno