httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Stradling <rob.stradl...@comodo.com>
Subject Re: mod_ssl ssl_util_stapling.c warnings
Date Fri, 03 Dec 2010 10:31:24 GMT
On Tuesday 30 November 2010 00:55:48 Dr Stephen Henson wrote:
> On 30/11/2010 00:03, Dr Stephen Henson wrote:
> > On 29/11/2010 21:46, Guenter Knauf wrote:
<snip>
> >> I think that we had some similar already in the past, and you suggested
> >> a change which was compatible with both 0.9.8 and 1.0.0 branches, but I
> >> cant recall ... Or do we need to cleanly solve this with some
> >> version-depent defines?
> > 
> > See of the patch for bug #50121 resolves this for you.
> 
> There's a slightly cleaner way of doing that r1040366 in trunk fixes it for
> me.
> 
> Steve.

Steve, thanks for cleaning and applying my patch.  A quick question, if I 
may...

Would it be possible to make OCSP Stapling enabled by default (when the server 
certificate contains an OCSP Responder URL in the AIA extension) instead of 
disabled by default?
(Perhaps "SSLUseStapling" could be replaced by "SSLDisableStapling")

I just wonder how many webmasters would bother to add "SSLUseStapling on" to 
their config files, even though OCSP Stapling benefits all parties.

I understand that Microsoft IIS 7.x enables OCSP Stapling by default.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

Mime
View raw message