|Summary:||www/nghttp2 OCSP Stapling error when checking certificates|
|Product:||Ports & Packages||Reporter:||Rob Belics <robbelics>|
|Component:||Individual Port(s)||Assignee:||Sunpoet Po-Chuan Hsieh <sunpoet>|
|Severity:||Affects Only Me||Flags:||bugzilla:
Description Rob Belics 2017-08-31 03:37:21 UTC
When running nghttpx as a front end proxy and OCSP Stapling is attempted, an error "ocsp query command for /../../cert.pem failed: error=0, rstatus=100, status=1" This happens because a Python script, /usr/local/share/nghttpx/fetch-ocsp-response, is executed to check ssl certificates. The problem: the script is missing the #!/usr/bin/env on the first line of the file. The fix: I do not know how to create a portable version but inserting '#!/usr/bin/env python2.7' on the first line removed the erros and OCSP stapling is working for me now.
Comment 1 Rob Belics 2017-08-31 21:39:10 UTC
Unless I'm misinterpreting things, all the python files in / and /python/ are set to use "python"
Comment 2 Sunpoet Po-Chuan Hsieh 2017-09-11 11:30:15 UTC
This script is installed to DATADIR which is not intended to run directly. I removed the shebang to avoid unnecessary python dependency.
Comment 3 Rob Belics 2017-09-11 14:07:43 UTC
OCSP Stapling is not possible unless this script is executed by Python. The script is pointless otherwise. Can nothing be done about it?