Am 02.12.2017 um 21:04 schrieb Jeremy Harris: > On 02/12/17 19:06, Jeremy Harris wrote: >> On 02/12/17 16:42, Torsten Tributh via Exim-users wrote: >>> tls_certificate >>> tls_privatekey >>> >>> is now used as a list and works fine, but >>> what happens with: >>> >>> tls_ocsp_file >>> >>> I am not able to make it work as a list. >>> Is there a problem, or do make something wrong? >> >> You didn't do anything wrong. The support isn't there, and >> that's a problem. I'll have a look but it's a bit late now for >> such a change to go in before 4.90 - if I decide that I'll add >> warning notes in the documentation. >> >> Thanks for finding it, and I apologise for the oversight. > > Under GnuTLS making this possible will need GnuTLS 3.5.6 > or later. > > Under OpenSSL current versions it will not be possible > thanks to the SSL_get_certificate() bug. > > I'm afraid this won't be fixed for 4.90. > It's sad to hear. Does the bug in OpenSSL still exists in OpenSSL 1.1.0? I am not sure if nginx found a way to handle it. It seems that also with multiple certificates the OCSP stapling works there correct. They use of course a complete different way to make their stapling compared to exim. Maybe this could be a hint for a possible solution.
Kind regards Torsten -- Torsten -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
