From 77335e1a3ea758a0a552129dbae6a911e31c66f5 Mon Sep 17 00:00:00 2001 From: Arjan H Date: Thu, 22 Jun 2023 19:49:29 +0200 Subject: [PATCH] Use OCSP live signing when not using Redis --- patches/ocsp-responder_main.patch | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/patches/ocsp-responder_main.patch b/patches/ocsp-responder_main.patch index ceacbcd..6ed694a 100644 --- a/patches/ocsp-responder_main.patch +++ b/patches/ocsp-responder_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go -index 52027e8cd..320a41917 100644 +index 52027e8cd..4dcc9118a 100644 --- a/cmd/ocsp-responder/main.go +++ b/cmd/ocsp-responder/main.go @@ -88,7 +88,7 @@ type Config struct { @@ -20,3 +20,23 @@ index 52027e8cd..320a41917 100644 // Set up the redis source and the combined multiplex source. rocspRWClient, err := rocsp_config.MakeClient(c.OCSPResponder.Redis, clk, scope) cmd.FailOnError(err, "Could not make redis client") +@@ -197,6 +197,19 @@ as generated by Boulder's ceremony command. + + source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger) + cmd.FailOnError(err, "Could not create checkedRedis source") ++ } else { ++ tlsConfig, err := c.OCSPResponder.TLS.Load(scope) ++ cmd.FailOnError(err, "TLS config") ++ ++ raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, scope, clk) ++ cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") ++ rac := rapb.NewRegistrationAuthorityClient(raConn) ++ ++ maxInflight := c.OCSPResponder.MaxInflightSignings ++ if maxInflight == 0 { ++ maxInflight = 1000 ++ } ++ source = live.New(rac, int64(maxInflight), c.OCSPResponder.MaxSigningWaiters) + } + + // Load the certificate from the file path.