Max Mazurov
1. SMTPError is treated just like any other error, even if a 2xx code is used in it. 2. Customizing non-failure responses is not supported and will not be - it...
For the client, we would need to have an OCSP verifier which does not seem to be available in the standard library or x/crypto: https://github.com/golang/go/issues/40017 And there does not seem to...
As for stapling OCSP responses on the server side, this is something we could probably work on. Need to study how caddy does it and see if we can share any...
I wonder if we can tear out our TLS management code and replace it with certmagic (https://github.com/caddyserver/certmagic) that also seems to implement OCSP stapling in addition to ACME (thus we...
Otherwise the code to steal is https://github.com/caddyserver/certmagic/blob/eba05a818ed35af0d015b6799486afff704ffa28/ocsp.go#L31
While I believe it is unfeasible for us to fully replace our TLS management code with Certmagic, I believe we can integrate it into tls.loader.file well enough so it could...
tls.loader.acme introduced by 93cf4f231a4e23ea7d6fef642024b027b39e995c supports OCSP stapling.
Yeah. That's the problem. It works only for certificates automatically obtained using the built-in ACME client now.
Are we going to add support for new extensions in-tree?
Speaking of backendutil helpers, I extracted https://github.com/foxcpp/go-imap-sequpdate from my go-imap-maildir experiments. I am not putting it into this PR as I believe it is not polished enough yet.