Posted to issues@trafficserver.apache.org by "Alan M. Carroll (JIRA)" <ji...@apache.org> on 2014/12/18 06:09:14 UTC

[jira] [Commented] (TS-3186) support ocsp queries through a proxy

    [ https://issues.apache.org/jira/browse/TS-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14251190#comment-14251190 ] 

Alan M. Carroll commented on TS-3186:
-------------------------------------

I've reviewed the internal request on which this is based and I think the goal is reasonable. To answer James' questions again, the issue is that ATS is operating in reverse proxy mode and is restricted in the set of hosts to which it can connect, e.g., only the CDN hosts. These hosts do not include the OCSP origins, which is why (1) a proxy is needed and (2) it is only needed for OCSP operations. All normal HTTP requests will be remapped to accessible hosts. In effect, you can think of this as a special remap rule for OCSP, since you can't do that in the normal remap logic.

As purely a style question, would it be better to have a single value that is host and port in the usual style, e.g. "ocsp.proxy.server.com:8001"?

> support ocsp queries through a proxy 
> -------------------------------------
>
>                 Key: TS-3186
>                 URL: https://issues.apache.org/jira/browse/TS-3186
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: Atsutomo Kotani
>            Assignee: Alan M. Carroll
>             Fix For: 5.3.0
>
>         Attachments: ocsp_proxy.diff
>
>
> When ATS is behind an HTTP proxy, it needs to send OCSP queries through the HTTP proxy for OCSP stapling.


