Bug 221950

Summary: www/nghttp2 OCSP Stapling error when checking certificates
Product: Ports & Packages Reporter: Rob Belics <robbelics>
Component: Individual Port(s)Assignee: Sunpoet Po-Chuan Hsieh <sunpoet>
Status: New ---    
Severity: Affects Only Me Flags: bugzilla: maintainer-feedback? (sunpoet)
Priority: ---    
Version: Latest   
Hardware: amd64   
OS: Any   

Description Rob Belics 2017-08-31 03:37:21 UTC
When running nghttpx as a front end proxy and OCSP Stapling is attempted, an error "ocsp query command for /../../cert.pem failed: error=0, rstatus=100, status=1" This happens because a Python script, /usr/local/share/nghttpx/fetch-ocsp-response, is executed to check ssl certificates.

The problem: the script is missing the #!/usr/bin/env on the first line of the file. 

The fix: I do not know how to create a portable version but inserting '#!/usr/bin/env python2.7' on the first line removed the erros and OCSP stapling is working for me now.
Comment 1 Rob Belics 2017-08-31 21:39:10 UTC
Unless I'm misinterpreting things, all the python files in / and /python/ are set to use "python"
Comment 2 Sunpoet Po-Chuan Hsieh freebsd_committer 2017-09-11 11:30:15 UTC
This script is installed to DATADIR which is not intended to run directly. I removed the shebang to avoid unnecessary python dependency.
Comment 3 Rob Belics 2017-09-11 14:07:43 UTC
OCSP Stapling is not possible unless this script is executed by Python. The script is pointless otherwise. Can nothing be done about it?