Use OCSP live signing when not using Redis

2026-01-27 10:19:34 +00:00 · 2023-06-22 19:49:29 +02:00
parent 94464a6ca9
commit 77335e1a3e
1 changed files with 21 additions and 1 deletions
--- a/patches/ocsp-responder_main.patch
+++ b/patches/ocsp-responder_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go
-index 52027e8cd..320a41917 100644
+index 52027e8cd..4dcc9118a 100644
 --- a/cmd/ocsp-responder/main.go
 +++ b/cmd/ocsp-responder/main.go
@@ -88,7 +88,7 @@ type Config struct {
@@ -20,3 +20,23 @@ index 52027e8cd..320a41917 100644
 		// Set up the redis source and the combined multiplex source.
 		rocspRWClient, err := rocsp_config.MakeClient(c.OCSPResponder.Redis, clk, scope)
 		cmd.FailOnError(err, "Could not make redis client")
+@@ -197,6 +197,19 @@ as generated by Boulder's ceremony command.
+ 
+ 		source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger)
+ 		cmd.FailOnError(err, "Could not create checkedRedis source")
+	} else {
+		tlsConfig, err := c.OCSPResponder.TLS.Load(scope)
+		cmd.FailOnError(err, "TLS config")
+
+		raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, scope, clk)
+		cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
+		rac := rapb.NewRegistrationAuthorityClient(raConn)
+
+		maxInflight := c.OCSPResponder.MaxInflightSignings
+		if maxInflight == 0 {
+			maxInflight = 1000
+		}
+		source = live.New(rac, int64(maxInflight), c.OCSPResponder.MaxSigningWaiters)
+ 	}
+ 
+ 	// Load the certificate from the file path.