Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Skip invalid OCSP files after issuing a warning #12421

Merged
merged 2 commits into from
Jan 20, 2023

Conversation

rgacogne
Copy link
Member

Short description

Contrary to certificates and keys, OCSP files are never required to provide a working DoT or DoH service, so it's better to start even if would not load all, or any, OCSP files.

Closes #12341.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

pdns/libssl.cc Outdated Show resolved Hide resolved
pdns/libssl.hh Outdated Show resolved Hide resolved
Contrary to certificates and keys, OCSP files are never required to
provide a working DoT or DoH service, so it's better to start even
if would not load all, or any, OCSP files.
@rgacogne
Copy link
Member Author

Rebased to fix a conflict.

@rgacogne rgacogne merged commit 1c03bde into PowerDNS:master Jan 20, 2023
@rgacogne rgacogne deleted the ddist-skip-invalid-ocsp branch January 20, 2023 15:07
@rgacogne rgacogne mentioned this pull request Mar 6, 2023
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

dnsdist: Skip invalid OCSP files and keep on
2 participants