httpd-dev mailing list archives

From Natanael Mignon - michael-wessel.de ...@michael-wessel.de>
Subject OCSP stapling in mod_ssl - use as OCSP cache for client authentication
Date Fri, 11 Sep 2009 07:24:46 GMT
Hello Steve,
dear list,

inspired by https://issues.apache.org/bugzilla/show_bug.cgi?id=43822 (OCSP stapling support
for mod_ssl), I dare to ask whether this patch might solve a requirement we face at the moment:

We do client authentication with certificates in Apache/mod_ssl (working as an SSL reverse proxy)
and we do require validation via OCSP. In order to avoid thousands of OCSP requests within
a short time, the system must provide an OCSP request cache, i.e. the situation is a little
different from what the stapling patch is intended to do - but if we see Apache itself as
a "client", it would be fitting.

On the basis of Apache 2.3 (for all the OCSP handling...) we have done some customizations already
(thanks for your help on openssl-users!), so including the stapling patch would be welcome.
I was wondering if you had any ideas regarding this question that could help us? I'll look
at the code now and try to apply the patch.

Any thoughts and help welcome. Thanks in advance!

Kind regards
 Natanael Mignon

IT - consult | plan | implement | operate
__________________________________________________________________________
michael-wessel.de Informationstechnologie GmbH
Krausenstraße 50
30171 Hannover
Germany

phone  (+49) 511 260 911-0 (ext. -13)
fax    (+49) 511 318 039-9
email  nm@michael-wessel.de
web    www.michael-wessel.de

Managing Director: Michael Wessel, Dipl. Phys.
District Court of Hannover
HR B 59031

All product names and company names may be registered trademarks and/or brand names
of their respective manufacturers.
Offers are subject to change; errors and misprints excepted.
Delivery subject to sufficient supply from our own suppliers.
© 2009 michael-wessel.de
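
The kind of OCSP response cache the message asks for, sketched as an added example that is not part of the original message or of mod_ssl: answers are reused until their nextUpdate, capped by a maximum age, and anything that cannot be confirmed fails closed. The names `OcspCache`, `OcspAnswer` and `constructed_responder` and the `max_age`/`skew` defaults are assumptions, and `fetch` is assumed to verify the responder's signature before returning.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

CertKey = Tuple[str, int]  # (issuer key hash, serial), as in an OCSP CertID

@dataclass(frozen=True)
class OcspAnswer:
    status: str         # "good", "revoked" or "unknown"
    this_update: float  # epoch seconds
    next_update: float  # answer must not be used at or after this time

class OcspCache:
    """Reuse responder answers until nextUpdate, capped at max_age seconds."""

    def __init__(self, fetch: Callable[[CertKey, float], OcspAnswer],
                 max_age: float = 300.0, skew: float = 60.0):
        self._fetch = fetch      # assumed to verify the responder's signature
        self._max_age = max_age  # bounds how long a revocation can go unnoticed
        self._skew = skew        # tolerated clock difference to the responder
        self._entries: Dict[CertKey, Tuple[OcspAnswer, float]] = {}
        self.responder_queries = 0

    def _in_window(self, ans: OcspAnswer, now: float) -> bool:
        return ans.this_update - self._skew <= now < ans.next_update

    def is_good(self, key: CertKey, now: float) -> bool:
        """True only if the certificate is currently known to be good."""
        hit = self._entries.get(key)
        if hit is not None:
            ans, cached_at = hit
            if self._in_window(ans, now) and now - cached_at < self._max_age:
                return ans.status == "good"
            del self._entries[key]  # expired: fall through and ask again
        self.responder_queries += 1
        try:
            ans = self._fetch(key, now)
        except OSError:
            return False            # responder unreachable: fail closed
        if not self._in_window(ans, now):
            return False            # stale or future-dated: neither trust nor cache
        self._entries[key] = (ans, now)
        return ans.status == "good"

def constructed_responder(revoked_serials, lifetime=3600.0):
    """Constructed stand-in for a real OCSP responder (no network)."""
    def fetch(key: CertKey, now: float) -> OcspAnswer:
        status = "revoked" if key[1] in revoked_serials else "good"
        return OcspAnswer(status, now, now + lifetime)
    return fetch
```

The `max_age` cap is the trade-off knob: a larger value saves more responder round trips, but a certificate revoked after it was cached stays accepted for up to that long.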


