Hi everybody,
I noticed an interesting new functionality, ocsp-update, in HAProxy 2.8 and wanted to test it.
According to doc1 and doc2, I moved my crt into the crt-list, but I am getting an error with those settings in place.
'bind *:443' in section 'frontend' : 'crt-list' : Incompatibilities found in OCSP update mode for certificate my.pem
Can someone explain what those found incompatibilities mean exactly?
```c
/* Check if the ckch_store and the entry does have the same configuration */
int ocsp_update_check_cfg_consistency(struct ckch_store *store, struct crtlist_entry *entry, char *crt_path, char **err)
{
    int err_code = ERR_NONE;

    if (store->data->ocsp_update_mode != SSL_SOCK_OCSP_UPDATE_DFLT || entry->ssl_conf) {
        if ((!entry->ssl_conf && store->data->ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_ON)
            || (entry->ssl_conf && store->data->ocsp_update_mode != entry->ssl_conf->ocsp_update)) {
            memprintf(err, "%sIncompatibilities found in OCSP update mode for certificate %s\n", err && *err ? *err : "", crt_path);
            err_code |= ERR_ALERT | ERR_FATAL;
        }
    }

    return err_code;
}
```
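The condition in the function quoted above, run over every combination of store mode and entry mode, as an added example that is not part of the original post and is not HAProxy's own code. The structs are cut-down stand-ins holding only the fields the check reads, the enum values are placeholders, and `ocsp_mode_conflict` and `check` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types (assumption): only the fields the quoted check reads.
 * The numeric enum values are placeholders; the check only compares them. */
enum { SSL_SOCK_OCSP_UPDATE_DFLT, SSL_SOCK_OCSP_UPDATE_OFF, SSL_SOCK_OCSP_UPDATE_ON };
struct ssl_conf { int ocsp_update; };
struct ckch_data { int ocsp_update_mode; };
struct ckch_store { struct ckch_data *data; };
struct crtlist_entry { struct ssl_conf *ssl_conf; };

/* Same condition as the quoted function, returning 1 where it would report the error. */
static int ocsp_mode_conflict(const struct ckch_store *store,
                              const struct crtlist_entry *entry)
{
    int mode = store->data->ocsp_update_mode;

    if (mode == SSL_SOCK_OCSP_UPDATE_DFLT && !entry->ssl_conf)
        return 0;                                /* outer "if" not entered */
    if (!entry->ssl_conf)
        return mode == SSL_SOCK_OCSP_UPDATE_ON;  /* store says "on", entry has no ssl_conf */
    return mode != entry->ssl_conf->ocsp_update; /* both set: must be identical */
}

/* Hypothetical helper: stored_mode is the mode recorded on the certificate
 * store, has_conf says whether the crt-list entry has an ssl_conf, and
 * entry_mode is that ssl_conf's ocsp_update value (ignored if has_conf == 0). */
static int check(int stored_mode, int has_conf, int entry_mode)
{
    struct ckch_data data = { stored_mode };
    struct ckch_store store = { &data };
    struct ssl_conf conf = { entry_mode };
    struct crtlist_entry entry = { has_conf ? &conf : NULL };
    return ocsp_mode_conflict(&store, &entry);
}

int main(void)
{
    static const char *name[] = { "dflt", "off", "on" };
    for (int s = 0; s < 3; s++) {
        printf("store=%-4s entry=none: %s\n", name[s], check(s, 0, 0) ? "CONFLICT" : "ok");
        for (int e = 0; e < 3; e++)
            printf("store=%-4s entry=%-4s: %s\n", name[s], name[e],
                   check(s, 1, e) ? "CONFLICT" : "ok");
    }
    return 0;
}
```

The table it prints shows that once an entry has an `ssl_conf`, the two modes must be equal, so even a store mode of "off" against an entry left at the default is reported as an incompatibility.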