On 10/4/23 05:34, Remi Tricot-Le Breton wrote:
You just have to run the following commands :
$ echo "update ssl ocsp-response <path_to_cert>" | socat
/path_to_socket/haproxy.sock -
When I do this, the update is successful and shows in the logfile
created by rsyslogd ... but unlike when haproxy does the automatic
hourly update, there is no service reload, so the proxies are not stopped.
When my old ocsp updating script sent an ocsp response to the stats
socket, there was no service reload either.
I couldn't follow what's in the src/ssl_ocsp.c file. It has been a
REALLY long time since I actually wrote C code myself. I was hoping to
find out whether or not that code was initiating a service reload when
systemd support is enabled.
I have tried to find something external to haproxy that might be
initiating the reload, but I haven't found anything.
Thanks,
Shawn
