From fe09f6d096d3acac25721e29aab0cad25b0b110c Mon Sep 17 00:00:00 2001 From: Christian Date: Tue, 23 Aug 2022 00:38:09 +0200 Subject: [PATCH] Don't error log when no OCSP responder URL exists (#8881) --- rootfs/etc/nginx/lua/certificate.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua index 630462fab..48c8d7134 100644 --- a/rootfs/etc/nginx/lua/certificate.lua +++ b/rootfs/etc/nginx/lua/certificate.lua @@ -120,10 +120,14 @@ end -- While this has no functional implications, it generates extra load on OCSP servers. local function fetch_and_cache_ocsp_response(uid, der_cert) local url, err = ocsp.get_ocsp_responder_from_der_chain(der_cert) - if not url then + if not url and err then ngx.log(ngx.ERR, "could not extract OCSP responder URL: ", err) return end + if not url and not err then + ngx.log(ngx.DEBUG, "no OCSP responder URL returned") + return + end local request request, err = ocsp.create_ocsp_request(der_cert)