httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41123] - Support of OCSP in mod_ssl (rewritten patch from bug #31383)
Date Tue, 27 Nov 2007 17:13:58 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41123>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41123





------- Additional Comments From jorton@redhat.com  2007-11-27 09:13 -------
Changes in second patch:

1) fixed to check URI scheme, and correctly free "values" stack per Steve's comment

2) drop the duplicate X509_STORE_CTX & X509_STORE creation.  I can't see why
this is necessary; Marc, can you explain what that was for?  OCSP_basic_verify()
creates its own X509_STORE_CTX anyway in which to verify the response
signature, so it was never used directly.  Dropping this doesn't seem to make
any difference to the result in testing, either.

Was this just here to allow for future customisation of how the response
signature is verified?

3) simplified some more logging/debugging.  Uses the new ssl_log_cxerror()
function added on the trunk to log cert details as context.

Steve, thanks a lot for the review - agree with your points (3) and (4) but
would like to address these later.
