httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <>
Subject Re: Time for httpd 2.3.13...? And 2.4.0??
Date Sun, 19 Jun 2011 06:25:11 GMT
What about these two small fixes for mod_ssl (which I already tried to
push for 2.3.11)?

- don't do OCSP checks for valid self-issued certs

- address PR 48215 ("Renegotiation with SSLVerifyDepth 0 requires
multiple client authentication")

The complete message is attached again, but the gist for the first patch is:

> I don't mind adding support for trusted responders, but until that
> happens, I consider hard-coding mod_ssl to skip OCSP checks for valid
> self-signed certs a sensible choice.

Assuming that trusted responder support won't be added anytime
soon, it would make sense to get this in before 2.4 GA, IMO.


View raw message