mirror of
https://github.com/haproxy/haproxy.git
synced 2026-07-15 12:01:12 -04:00
MINOR: ocsp: Do not see ocsp loading failures as fatal anymore
Until now, if the call to 'ssl_sock_load_ocsp' raised an error, because of a missing issuer certificate for instance, we would send a fatal error code and the init would fail. With this patch we only consider this as a non-critical error and we will send a warning instead. In such a case the OCSP response will not be loaded and stapling or auto update features will not work for the certificate.
This commit is contained in:
parent
236bb6d5f9
commit
e090316735
1 changed files with 1 additions and 1 deletions
|
|
@ -3111,7 +3111,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, struct ckch_store *store
|
|||
else
|
||||
memprintf(err, "%s '%s' has an OCSP auto-update set to 'on' but an error occurred (maybe the OCSP URI or the issuer could not be found)'.\n",
|
||||
err && *err ? *err : "", path);
|
||||
errcode |= ERR_ALERT | ERR_FATAL;
|
||||
errcode |= ERR_WARN;
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue