Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3384

Add stats for OCSP Stapling errors

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0.0
    • Component/s: SSL
    • Labels:

      Description

      1. Add stats for bad OCSP response status: revoked or unknown.
        $ traffic_line -m proxy.process.ssl.ssl_ocsp
        proxy.process.ssl.ssl_ocsp_revoked_cert_stat 0
        proxy.process.ssl.ssl_ocsp_unknown_cert_stat 0
        
          OCSP_resp_find_status(bs, cinf->cid, &status, &reason, &rev, &thisupd, &nextupd);
        
          switch (status) {
            case V_OCSP_CERTSTATUS_GOOD:
              break;
            case V_OCSP_CERTSTATUS_REVOKED:
              SSL_INCREMENT_DYN_STAT(ssl_ocsp_revoked_cert_stat);
              break;
            case V_OCSP_CERTSTATUS_UNKNOWN:
              SSL_INCREMENT_DYN_STAT(ssl_ocsp_unknown_cert_stat);
              break;
            default:
              break;
          }
        
      2. change debug tag in OCSP Stapling to ssl_ocsp.

        Attachments

        1. TS-3384.diff
          7 kB
          Feifei Cai

          Issue Links

            Activity

              People

              • Assignee:
                bcall Bryan Call
                Reporter:
                ffcai Feifei Cai
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: