Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3384

Add stats for OCSP Stapling errors

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.0.0
    • SSL

    Description

      1. Add stats for bad OCSP response status: revoked or unknown. 
        $ traffic_line -m proxy.process.ssl.ssl_ocsp
proxy.process.ssl.ssl_ocsp_revoked_cert_stat 0
proxy.process.ssl.ssl_ocsp_unknown_cert_stat 0

          OCSP_resp_find_status(bs, cinf->cid, &status, &reason, &rev, &thisupd, &nextupd);

  switch (status) {
    case V_OCSP_CERTSTATUS_GOOD:
      break;
    case V_OCSP_CERTSTATUS_REVOKED:
      SSL_INCREMENT_DYN_STAT(ssl_ocsp_revoked_cert_stat);
      break;
    case V_OCSP_CERTSTATUS_UNKNOWN:
      SSL_INCREMENT_DYN_STAT(ssl_ocsp_unknown_cert_stat);
      break;
    default:
      break;
  }
      2. change debug tag in OCSP Stapling to ssl_ocsp.

      Attachments

        1. TS-3384.diff
          7 kB
          Feifei Cai

        Issue Links

          blocks

          Task - A task that needs to be done. TS-3669 ☂ Critical issues for v6.0.0 release

          • Major - Major loss of function.
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. TS-2367 Add OCSP (Online Certificate Status Protocol) Stapling Support

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bcall Bryan Call
              ffcai Feifei Cai
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: