httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43822] - OCSP stapling support for mod_ssl
Date Fri, 09 Nov 2007 17:19:44 GMT

http://issues.apache.org/bugzilla/show_bug.cgi?id=43822





------- Additional Comments From steve@openssl.org  2007-11-09 09:19 -------
(In reply to comment #2)
> Does this patch relate to Bug 41123 and its patch?

In a way this does the opposite of #41123. 

#41123 is to allow a *server* to determine the certificate revocation status of
a *client* certificate using OCSP.

This patch is to allow a *client* to retrieve a cached response of the *server*
certificate status using OCSP.

Normally a busy site might result in large numbers of clients all simultaneously
querying a responder to determine the status of the same server certificate.
This patch makes the server query the responder once and distribute the same
cached response to multiple clients.

This makes use of the certificate status request TLS extension which is already
in use in IE7 under Vista and I believe other browsers may soon follow suit.

There is some common functionality between the two patches which could be
shared. They both include code to query a responder using OCSP. This version
makes use of APR sockets to implement a timeout whereas #41123 doesn't.

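The caching behaviour described in the comment above, as an added Python model that is not part of the bug comment or the patch (the patch itself is C code in mod_ssl). The class name, the `max_age` lifetime, the injected clock, the stand-in responder and the choice to staple nothing after a responder timeout are all assumptions made for illustration.

```python
class StaplingCache:
    """Model of the server side: one responder query serves many handshakes."""

    def __init__(self, fetch, max_age, clock):
        self.fetch = fetch        # assumed callable(cert_id) -> bytes, raises TimeoutError
        self.max_age = max_age    # assumed cache lifetime in seconds
        self.clock = clock        # injected so the example runs without sleeping
        self.entries = {}         # cert_id -> (response, fetched_at)
        self.responder_queries = 0

    def staple_for(self, cert_id):
        """Return the response to staple into a handshake, or None."""
        now = self.clock()
        hit = self.entries.get(cert_id)
        if hit is not None and now - hit[1] < self.max_age:
            return hit[0]         # fresh entry: no responder traffic at all
        self.responder_queries += 1
        try:
            response = self.fetch(cert_id)
        except TimeoutError:
            # Responder too slow: drop any stale entry and let the
            # handshake proceed without a stapled response.
            self.entries.pop(cert_id, None)
            return None
        self.entries[cert_id] = (response, now)
        return response


def responder_load(clients, max_age=3600):
    """Responder queries for `clients` handshakes: (no stapling, stapling)."""
    def responder(cert_id):       # constructed stand-in for a real responder
        return b"good:" + cert_id

    direct = 0
    for _ in range(clients):      # without stapling, every client asks itself
        responder(b"server-cert")
        direct += 1

    cache = StaplingCache(responder, max_age, clock=lambda: 0.0)
    for _ in range(clients):      # with stapling, clients get the cached copy
        assert cache.staple_for(b"server-cert") == b"good:server-cert"
    return direct, cache.responder_queries
```
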