Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nginx] Support OCSP Stapling #4758

Closed
ConnorJC3 opened this issue Nov 17, 2019 · 5 comments
Closed

[nginx] Support OCSP Stapling #4758

ConnorJC3 opened this issue Nov 17, 2019 · 5 comments
Assignees
@ElvinEfendi

Comments

@ConnorJC3
Copy link

Is this a request for help?: No

What keywords did you search in NGINX Ingress controller issues before filing this one?: OCSP stapling, ssl_stapling

Is this a BUG REPORT or FEATURE REQUEST?: FEATURE REQUEST

As far as I can tell ever since #4356 it is impossible to enable OCSP stapling because the certificates are handled in lua, and the current nginx-ingress lua implementation doesn't support OCSP. Even attempting to directly enable OCSP via putting ssl_stapling on; in a server snippet does not enable it.

Would it be possible to once again allow OCSP stapling with nginx-ingress? I don't have much experience with OpenResty but it seems like it can be done in lua (https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ocsp.md).
@aledbf aledbf mentioned this issue Dec 29, 2019
Closed
8 tasks
@leonklingele leonklingele mentioned this issue Feb 8, 2020
Merged
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 17, 2020
@ConnorJC3
Copy link
Author

ConnorJC3 commented Feb 17, 2020
edited
Loading

/remove-lifecycle stale

Being worked on in #4864

@ElvinEfendi ElvinEfendi mentioned this issue Feb 23, 2020
Merged
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Mar 18, 2020
@ConnorJC3
Copy link
Author

/remove-lifecycle rotten

Apparently I scuffed removing the label last time, still appears to have ongoing work (#5133)

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Mar 21, 2020
@aledbf
Copy link
Member

aledbf commented Apr 17, 2020

Closing. Fixed in #5133

@aledbf aledbf closed this as completed Apr 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ElvinEfendi ElvinEfendi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for OCSP aledbf/ingress-nginx
5 participants
@aledbf @ElvinEfendi @ConnorJC3 @k8s-ci-robot @fejta-bot