Description
When I try to serve both an RSA and an ECDSA cert using a config like so:
$ grep ocsp records.config
CONFIG proxy.config.ssl.ocsp.enabled INT 1
$ grep -v ^# ssl_multicert.config
dest_ip=* ssl_cert_name=ecdsa.crt,rsa.crt ssl_key_name=ecdsa.key,rsa.key
I get the following error displayed in diags.log:
WARNING: fail to configure SSL_CTX for OCSP Stapling info for certificate at ecdsa.crt
Also, when I connect via either of the following, I get no stapled cert:
$ openssl s_client -connect localhost:443 -cipher 'ECDHE-ECDSA-AES128-SHA' -status
CONNECTED(00000003)
OCSP response: no response sent
...
$ openssl s_client -connect localhost:443 -cipher 'ECDHE-RSA-AES128-SHA' -status
CONNECTED(00000003)
OCSP response: no response sent
...
$
Here are the debug log messages:
diags.log:[Feb 5 22:44:03.230] Server {0x2afd2845bd80} WARNING: fail to configure SSL_CTX for OCSP Stapling info for certificate at ecdsa.crt
traffic.out:[Feb 5 22:44:03.230] Server {0x2afd2845bd80} DEBUG: (ssl) ssl ocsp stapling is enabled
traffic.out:[Feb 5 22:44:41.250] Server DEBUG: (ssl) ssl_callback_ocsp_stapling: fail to get certificate information
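
Added example, not part of the original report and not the project's code: a repeatable form of the two `openssl s_client -status` checks above, classifying the output for each key type so a dual-certificate setup can be verified after a config change. The function names and the sample outputs are constructed for illustration; the cipher strings are the ones used in the report.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real server).
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'
SAMPLE_OK='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'

# classify_staple: read `openssl s_client -status` output on stdin and print
#   not-stapled     server sent no OCSP response in the handshake
#   stapled:<state> response stapled; <state> is its Cert Status (good, revoked, ...)
#   unknown         no OCSP line at all (e.g. handshake failed for that cipher)
classify_staple() {
    awk '
        /OCSP response: no response sent/   { r = "not-stapled" }
        /OCSP Response Status: successful/  { r = "stapled" }
        /Cert Status:/                      { s = $NF }
        END {
            if (r == "") r = "unknown"
            if (r == "stapled" && s != "") r = r ":" s
            print r
        }'
}

# check_staple HOST:PORT CIPHER: one live handshake restricted to CIPHER.
# -cipher only constrains TLS 1.2 and below; if the client would negotiate
# TLS 1.3, add -tls1_2 so the cipher still selects the certificate type.
check_staple() {
    openssl s_client -connect "$1" -cipher "$2" -status </dev/null 2>/dev/null |
        classify_staple
}

# check_both HOST:PORT: test the ECDSA and RSA certificates in turn;
# returns non-zero if either handshake lacks a stapled response.
check_both() {
    rc=0
    for c in ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA; do
        res=$(check_staple "$1" "$c")
        echo "$c: $res"
        case $res in stapled*) ;; *) rc=1 ;; esac
    done
    return $rc
}
```

Running `check_both localhost:443` against the setup in the report would print `not-stapled` for both ciphers and return 1.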