httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31383] - OCSP support
Date Mon, 27 Sep 2004 09:01:36 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31383>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31383

OCSP support





------- Additional Comments From jorton@redhat.com  2004-09-27 09:01 -------
Thanks for the contribution, Marc.  A few meta-comments:

1) please attach the source files and patches as-is rather than in a zip file

2) please try and stick to the correct code style:
http://httpd.apache.org/dev/styleguide.html

3) ideally the patch should be against HEAD, failing that, the latest stable
release (i.e. without the unnecessary FakeBasicAuth fixes already in the tree)

From actual review:

a) I'd put the ssl_ocsp.h stuff straight into mod_ssl.h (or ssl_private.h for
HEAD) rather than adding a new header

b) ssl_ocsp_setProxy and the global variables are not OK.  If this needs to be
configurable it should be properly configurable...

c) use of the X509_get_ext/X509V3_EXT_get/X509V3_EXT_d2i form of retrieving
extensions is not encouraged, AIUI: the correct (and simpler) method is to use
X509_get_ext_d2i.

d) C++/C99 style comments are not portable 
    // establish a connection to the OCSP responder

I suppose this also needs to be built conditionally on versions of OpenSSL
(>=0.9.7 ?) which support the OCSP stuff.


