On 03/12/17 07:45, Torsten Tributh via Exim-users wrote: >> Under OpenSSL current versions it will not be possible
>> thanks to the SSL_get_certificate() bug.
>>
>> I'm afraid this won't be fixed for 4.90.
>>
> It's sad to hear. Does the bug in OpenSSL still exists in OpenSSL 1.1.0?
Yes.
> I am not sure if nginx found a way to handle it.
> It seems that also with multiple certificates the OCSP stapling works
> there correct.
> They use of course a complete different way to make their stapling
> compared to exim.
> Maybe this could be a hint for a possible solution.
I was going by the suggested implementation method in the OpenSSL
man pages. Perhaps nginx has found an alternate route. Perhaps
you could investigate their code?
--
Cheers,
Jeremy