From: Rob Stradling
To: dev@httpd.apache.org
Cc: Dr Stephen Henson
Subject: Re: mod_ssl ssl_util_stapling.c warnings
Date: Fri, 3 Dec 2010 10:31:24 +0000

On Tuesday 30 November 2010 00:55:48 Dr Stephen Henson wrote:
> On 30/11/2010 00:03, Dr Stephen Henson wrote:
> > On 29/11/2010 21:46, Guenter Knauf wrote:
> >> I think that we had something similar already in the past, and you suggested
> >> a change which was compatible with both 0.9.8 and 1.0.0 branches, but I
> >> can't recall ... Or do we need to cleanly solve this with some
> >> version-dependent defines?
> >
> > See if the patch for bug #50121 resolves this for you.
>
> There's a slightly cleaner way of doing that: r1040366 in trunk fixes it for
> me.
>
> Steve.

Steve, thanks for cleaning and applying my patch.

A quick question, if I may...

Would it be possible to make OCSP Stapling enabled by default (when the server certificate contains an OCSP Responder URL in the AIA extension) instead of disabled by default? (Perhaps "SSLUseStapling" could be replaced by "SSLDisableStapling")

I just wonder how many webmasters would bother to add "SSLUseStapling on" to their config files, even though OCSP Stapling benefits all parties.

I understand that Microsoft IIS 7.x enables OCSP Stapling by default.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online