httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hotmail" <>
Subject OCSP addition
Date Tue, 11 May 2004 06:23:19 GMT

I plan to add OCSP support to mod_ssl.

I have the code for the OCSP check, but I'd like to check the integration
with everybody, as I will give the code back to you - if you're interesting
in it :-)

Here is what I currently plan:

1. Add a parameter "UseOCSP" in the config file

2. In function "ssl_callback_SSLVerify( )", replace the call to
"ssl_callback_SSLVerify_CRL( )" by a call to a new function
"ssl_callback_SSLVerify_Validity( )", with exactly the same parameters

3. In "ssl_callback_SSLVerify_Validity( )":

     - if the parameter "UseOCSP" is on, try an OCSP check

     - if the OCSP check failed because the certificate is revoked => return

     - if the OCSP check succeeded => return ok ("ok" is an input parameter,
don't know what it is exactly)

     - call "ssl_callback_SSLVerify_CRL( )" and return result

Do you see any problem with that ?

Is somebody interesting in testing that code, or even work on it ?


View raw message