Bug 221950 - www/nghttp2 OCSP Stapling error when checking certificates
Summary: www/nghttp2 OCSP Stapling error when checking certificates
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Sunpoet Po-Chuan Hsieh
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-31 03:37 UTC by Rob Belics
Modified: 2017-09-11 14:07 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (sunpoet)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rob Belics 2017-08-31 03:37:21 UTC
When running nghttpx as a front end proxy and OCSP Stapling is attempted, an error "ocsp query command for /../../cert.pem failed: error=0, rstatus=100, status=1" This happens because a Python script, /usr/local/share/nghttpx/fetch-ocsp-response, is executed to check ssl certificates.

The problem: the script is missing the #!/usr/bin/env on the first line of the file. 

The fix: I do not know how to create a portable version but inserting '#!/usr/bin/env python2.7' on the first line removed the erros and OCSP stapling is working for me now.
Comment 1 Rob Belics 2017-08-31 21:39:10 UTC
Unless I'm misinterpreting things, all the python files in / and /python/ are set to use "python"
Comment 2 Sunpoet Po-Chuan Hsieh freebsd_committer 2017-09-11 11:30:15 UTC
This script is installed to DATADIR which is not intended to run directly. I removed the shebang to avoid unnecessary python dependency.
Comment 3 Rob Belics 2017-09-11 14:07:43 UTC
OCSP Stapling is not possible unless this script is executed by Python. The script is pointless otherwise. Can nothing be done about it?