httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41123] - Support of OCSP in mod_ssl (rewritten patch from bug #31383)
Date Thu, 15 Nov 2007 14:13:59 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41123>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41123





------- Additional Comments From jorton@redhat.com  2007-11-15 06:13 -------
Created an attachment (id=21130)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21130&action=view)
attempt 1 of refactored OCSP support

This is the cleaned up version of Marc's OCSP patch, diff relative to the
trunk.	

Relative changes:

- moves OCSP code to ssl_engine_ocsp.c
- heavily refactors, cleans up, simplifies code style etc in the above
- tones down the debugging a lot.  some common helper functions are needed in
ssl_engine_log.c to log cert subject name etc, if desired
- updates config.m4
- removed error handling for OpenSSL functions which can only fail on OOM
- removed poorly-named SSLOCSPResponderVerify (can be added back separately)
- removed addition of SSLForceValidation, which is orthogonal to basic OCSP
support (likewise add separately later)
- reworked the config options to be:

    SSLOCSPEnable <bool>
    SSLOCSPOverrideResponder <bool>
    SSLOCSPDefaultResponder <URL>

  rather than redundantly having two directives to supply a URL.
- simplify unnecessarily complex status/error handling for OCSP code 

This is untested since my OCSP test setup is broken currently, so it probably
doesn't actually work.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message