httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Stern" <sternm...@hotmail.com>
Subject OCSP support added
Date Thu, 23 Sep 2004 11:41:59 GMT
I added support for certificate validation through OCSP, where the OCSP
server URI is contained in the certificate itself (following the X.509
standard).
The patch is available on
http://issues.apache.org/bugzilla/show_bug.cgi?id=31383 (for 2.0.49, but
most of it is in separate files).

The check is optional.
There is also a parameter to decide if the authentication fails or not when
the server cannot be reached.

The code allows conditional compilation (full code enclosed in #ifdef).

This was developed for the Belgium Government and distributed publicly from
may 2004. No bug has been reported since.

The code supports a proxy, although the option was not added in the config
file.
Another option in the config file could be to use a specified URI in case it
is not present in the certificate.

If you have any remarks about it, just send me an e-mail.
If you want this to be included in new releases, you can vote for it on
http://issues.apache.org/bugzilla/showvotes.cgi?voteon=31383.

Marc

Mime
View raw message