Am 02.12.2017 um 21:04 schrieb Jeremy Harris: > On 02/12/17 19:06, Jeremy Harris wrote:
>> On 02/12/17 16:42, Torsten Tributh via Exim-users wrote:
>>> tls_certificate
>>> tls_privatekey
>>>
>>> is now used as a list and works fine, but
>>> what happens with:
>>>
>>> tls_ocsp_file
>>>
>>> I am not able to make it work as a list.
>>> Is there a problem, or do make something wrong?
>>
>> You didn't do anything wrong. The support isn't there, and
>> that's a problem. I'll have a look but it's a bit late now for
>> such a change to go in before 4.90 - if I decide that I'll add
>> warning notes in the documentation.
>>
>> Thanks for finding it, and I apologise for the oversight.
>
> Under GnuTLS making this possible will need GnuTLS 3.5.6
> or later.
>
> Under OpenSSL current versions it will not be possible
> thanks to the SSL_get_certificate() bug.
>
> I'm afraid this won't be fixed for 4.90.
> It's sad to hear. Does the bug in OpenSSL still exists in OpenSSL 1.1.0?
I am not sure if nginx found a way to handle it.
It seems that also with multiple certificates the OCSP stapling works
there correct.
They use of course a complete different way to make their stapling
compared to exim.
Maybe this could be a hint for a possible solution.
