When running nghttpx as a front end proxy and OCSP Stapling is attempted, an error "ocsp query command for /../../cert.pem failed: error=0, rstatus=100, status=1" This happens because a Python script, /usr/local/share/nghttpx/fetch-ocsp-response, is executed to check ssl certificates.
The problem: the script is missing the #!/usr/bin/env on the first line of the file.
The fix: I do not know how to create a portable version but inserting '#!/usr/bin/env python2.7' on the first line removed the erros and OCSP stapling is working for me now.
Unless I'm misinterpreting things, all the python files in / and /python/ are set to use "python"
This script is installed to DATADIR which is not intended to run directly. I removed the shebang to avoid unnecessary python dependency.
OCSP Stapling is not possible unless this script is executed by Python. The script is pointless otherwise. Can nothing be done about it?
Rob, if it is still relevant for you, can you provide some more info or reproduction steps?
What sunpoet@ says is that nghttp2 installs this script into data dir, which shouldn't contain executables. In other words, this script should be run by user somehow.
How are you doing it?
(In reply to Gleb Popov from comment #4)
I do not recall how I was using this back then. I only recall that my program used nghttp2 as a proxy to nginx, I think. I was only experimenting with how to use nghttp2. My first post shows all I remember to make it work. I haven't taken the time to understand the reasoning from @sunpoet or what would need to be changed on my end to solve the problem. I could not immediately find my test code from back then but will continue to search for it this weekend as time permits.
I have not tried to use nghttp2 since back then but intend to do so if I ever find the time.
I will close this as "Not enough information", then. Feel free to open another PR, if you bump into this again.
You can also add me to CC in this case.