caddyserver / certmagic

Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
https://pkg.go.dev/github.com/caddyserver/certmagic?tab=doc
Apache License 2.0
4.89k stars 278 forks

Add proxy option for OCSP stapling requests #267

Closed arulthileeban closed 4 months ago

arulthileeban commented 5 months ago

What would you like to have changed?

The current implementation of OCSP stapling in the package lacks configurability to send requests to the CA through a proxy. It would be beneficial to introduce a configurable option for OCSP stapling, allowing requests to be sent over a proxy.

Why is this feature a useful, necessary, and/or important addition to this project?

In enterprise environments, the ability to utilize OCSP stapling is crucial. However, many enterprises have specific requirements regarding proxy usage for different types of traffic. For instance, requests originating from company servers often need to be routed through a specific proxy when accessing the internet. Therefore, incorporating this feature is vital for the widespread adoption of OCSP stapling through this package in enterprises.

What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?

While environment variables could potentially be used as a workaround, they would enforce all requests to be routed through a single proxy. This limitation may not align with the diverse proxy requirements often found in enterprise environments.

mholt commented 5 months ago

Just curious but what happens if you set the HTTP_PROXY env var to that of the proxy and then run the program again? (make sure it then tries to staple with that env var set)

mholt commented 4 months ago

I just noticed the end of your issue; I have a question:

While environment variables could potentially be used as a workaround, they would enforce all requests to be routed through a single proxy. This limitation may not align with the diverse proxy requirements often found in enterprise environments.

Is using an env var unacceptable in your use case?

arulthileeban commented 4 months ago

Yeah. In our environment, certmagic is used along with a reverse proxy which has multiple outbound connections to different network zones. Defining an environment variable would route all outbound connections through the same proxy, which would render our setup unusable.

mholt commented 4 months ago

@arulthileeban So, I believe that would be setting the Proxy field of the http.Transport struct? https://pkg.go.dev/net/http#Transport.Proxy

And it would simply be a function that returns the URL you specify in your config?
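The approach suggested above, a per-transport `Proxy` function rather than a process-wide `HTTP_PROXY`, as an added example that is not code from the original thread or from certmagic itself. The `OCSPProxyConfig` type, `HostsFromOCSPServers`, `NewOCSPClient` and `ProxyFor` are hypothetical names for this example; the proxy and responder URLs are constructed. The proxy rule is scoped to the hostnames a certificate advertises in its OCSP responder URLs (`x509.Certificate.OCSPServer`), so only stapling traffic is proxied while any other outbound connection made by a different client in the same process stays direct:

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// OCSPProxyConfig is a hypothetical config shape for this example, not certmagic's API.
type OCSPProxyConfig struct {
	ProxyURL string   // forward proxy for responder requests; empty means direct
	Hosts    []string // responder hostnames to proxy; empty means proxy everything
}

// HostsFromOCSPServers lowercases the hostnames of the responder URLs a
// certificate carries in its AIA extension (x509.Certificate.OCSPServer).
func HostsFromOCSPServers(servers []string) ([]string, error) {
	hosts := make([]string, 0, len(servers))
	for _, s := range servers {
		u, err := url.Parse(s)
		if err != nil || u.Hostname() == "" {
			return nil, fmt.Errorf("bad OCSP server URL %q", s)
		}
		hosts = append(hosts, strings.ToLower(u.Hostname()))
	}
	return hosts, nil
}

// ProxyFunc returns the callback http.Transport.Proxy expects: the proxy URL
// for matching hosts, nil (direct connection) for everything else.
func (c OCSPProxyConfig) ProxyFunc() (func(*http.Request) (*url.URL, error), error) {
	if c.ProxyURL == "" {
		return nil, nil // a nil Proxy field means: never use a proxy
	}
	proxy, err := url.Parse(c.ProxyURL)
	if err != nil {
		return nil, fmt.Errorf("invalid proxy URL %q: %w", c.ProxyURL, err)
	}
	if proxy.Scheme == "" || proxy.Host == "" {
		return nil, fmt.Errorf("proxy URL %q needs a scheme and host", c.ProxyURL)
	}
	allowed := make(map[string]bool, len(c.Hosts))
	for _, h := range c.Hosts {
		allowed[strings.ToLower(h)] = true
	}
	return func(req *http.Request) (*url.URL, error) {
		if len(allowed) == 0 || allowed[strings.ToLower(req.URL.Hostname())] {
			return proxy, nil
		}
		return nil, nil
	}, nil
}

// NewOCSPClient builds a client whose transport carries the rule; other
// clients in the same process (and the HTTP_PROXY env var) are unaffected,
// because a custom http.Transport only consults the Proxy field it was given.
func NewOCSPClient(cfg OCSPProxyConfig) (*http.Client, error) {
	proxyFn, err := cfg.ProxyFunc()
	if err != nil {
		return nil, err
	}
	tr := &http.Transport{Proxy: proxyFn, TLSHandshakeTimeout: 10 * time.Second}
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}, nil
}

// ProxyFor reports the proxy the client would use for rawURL ("" = direct)
// without opening a connection.
func ProxyFor(client *http.Client, rawURL string) (string, error) {
	tr, ok := client.Transport.(*http.Transport)
	if !ok || tr.Proxy == nil {
		return "", nil
	}
	req, err := http.NewRequest(http.MethodPost, rawURL, nil)
	if err != nil {
		return "", err
	}
	p, err := tr.Proxy(req)
	if err != nil || p == nil {
		return "", err
	}
	return p.String(), nil
}

func main() {
	// Constructed values: a corporate proxy and one responder URL as it would
	// appear in cert.OCSPServer.
	hosts, _ := HostsFromOCSPServers([]string{"http://ocsp.example-ca.test/"})
	client, err := NewOCSPClient(OCSPProxyConfig{ProxyURL: "http://proxy.corp.example:3128", Hosts: hosts})
	if err != nil {
		panic(err)
	}
	for _, target := range []string{"http://ocsp.example-ca.test/", "https://acme.example-ca.test/directory"} {
		p, _ := ProxyFor(client, target)
		fmt.Printf("%s -> %q\n", target, p) // responder goes via proxy, the ACME URL is direct
	}
}
```

The check a practitioner wants here is the one `ProxyFor` makes visible: with `Hosts` populated, only the responder hostnames are routed through the proxy, and a transport built with an empty `ProxyURL` never proxies anything, regardless of `HTTP_PROXY`, since that variable is only read by `http.ProxyFromEnvironment` (which `http.DefaultTransport` uses) and not by a transport whose `Proxy` field is nil or a custom function.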

mholt commented 4 months ago

I've implemented a possible solution, let me know if it doesn't work for you 👍

arulthileeban commented 4 months ago

Thanks, Matt. I'll try it out