mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-01-17 14:50:59 +01:00
fb2b9988e8
The 'ocsp-update' option is parsed at the same time as all the other bind line options but it does not actually have anything to do with the bind line since it concerns the frontend certificate instead. For that reason, we should have a mean to identify inconsistencies in the configuration and raise an error when a given certificate has two different ocsp-update modes specified in one or more crt-lists. The simplest way to do it is to store the ocsp update mode directly in the ckch and not only in the ssl_bind_conf.