
apply kn007 ocsp stapling patch

Open natsl05164 opened this issue 1 year ago • 3 comments

Ran the Dockerfile with the KN007 Enable_BoringSSL_OCSP.patch without error. However, I didn't test it on a real HTTPS domain. The KN007 patch adds OCSP stapling support for BoringSSL to Nginx using the ssl_stapling_file parameter. However, the ssl_stapling_file (/path/to/ocsp.resp) needs to be renewed from the issuer site every fixed duration, and the response will be saved to (/path/to/ocsp.resp), which is what the cron job does. You may see the details given on KN007's blog https://kn007.net/topics/let-nginx-support-ocsp-stapling-when-using-boringssl/. Thanks

natsl05164 avatar Jul 02 '23 12:07 natsl05164

Tests are failing with:

2023-09-17T12:10:13.7923577Z 2023/09/17 12:10:13 [notice] 1#1: using boringssl, currently only "ssl_stapling_file" is supported. use it as your own risk
2023-09-17T12:10:13.7928916Z 2023/09/17 12:10:13 [emerg] 1#1: BIO_new_file("/path/to/ocsp.resp") failed (SSL: error:02000002:system library:OPENSSL_internal:No such file or directory:fopen('/path/to/ocsp.resp','r') error:1100006e:BIO routines:OPENSSL_internal:NO_SUCH_FILE)

macbre avatar Sep 17 '23 20:09 macbre

I do not think that the approach with the cronjob setup will work for most users of this container. Hence...

  1. Let's keep the patch being applied in the Dockerfile.
  2. Comment out the ssl_stapling_file /path/to/ocsp.resp; field from the test config.
  3. Move the tests/oscp.cron.sh file content to a README file describing how to set up the OCSP stapling (i.e. obtaining the OCSP reply from the certificate issuer).

macbre avatar Sep 18 '23 11:09 macbre
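A refresh script of the kind step 3 asks the README to describe, added here as an example; it is not the repository's tests/oscp.cron.sh and not part of either comment. The certificate and CA bundle paths and the openssl invocation are assumptions; only /path/to/ocsp.resp is taken from the test config quoted in the thread.

```shell
#!/bin/sh
# Assumed layout (not from the issue): leaf+chain and issuer chain as written by
# a typical ACME client; STAPLE matches the ssl_stapling_file in the test config.
CERT="${CERT:-/etc/nginx/ssl/fullchain.pem}"
CHAIN="${CHAIN:-/etc/nginx/ssl/chain.pem}"
CA_BUNDLE="${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"
STAPLE="${STAPLE:-/path/to/ocsp.resp}"

# The responder URL comes from the leaf certificate's AIA extension
# (openssl x509 reads the first certificate in the file).
ocsp_uri() { openssl x509 -in "$1" -noout -ocsp_uri; }

# The exit status of `openssl ocsp` does not tell you the certificate status,
# so inspect the transcript: the signature must verify and the status be "good".
response_is_good() {
  printf '%s\n' "$1" | grep -q 'Response verify OK' || return 1
  printf '%s\n' "$1" | grep -Eq ': good$' || return 1
  return 0
}

refresh_staple() {
  uri=$(ocsp_uri "$CERT") || return 1
  tmp="$STAPLE.tmp"
  # -no_nonce: a stapled response is served from cache, so a nonce adds nothing
  # and some responders reject it. The DER response is written to $tmp.
  out=$(openssl ocsp -issuer "$CHAIN" -cert "$CERT" -url "$uri" \
          -CAfile "$CA_BUNDLE" -verify_other "$CHAIN" \
          -no_nonce -respout "$tmp" 2>&1) || { rm -f "$tmp"; return 1; }
  if ! response_is_good "$out"; then
    echo "refusing to install staple: $out" >&2
    rm -f "$tmp"; return 1          # keep the previous, still valid, staple
  fi
  mv "$tmp" "$STAPLE"               # atomic replace of the file nginx serves
  # The patched nginx opens the file when the config loads (the BIO_new_file
  # emerg above), so a reload is needed to pick up the new response.
  nginx -s reload
}

# Cron entry, e.g. daily: 0 3 * * * /usr/local/bin/refresh-ocsp.sh run
if [ "${1:-}" = run ]; then refresh_staple; fi
```

Refreshing well before the response's Next Update matters because the old file keeps being stapled until the script succeeds and nginx is reloaded.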

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Aug 05 '24 02:08 github-actions[bot]