Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3DA2618A76 for ; Tue, 12 May 2015 19:35:36 +0000 (UTC) Received: (qmail 68503 invoked by uid 500); 12 May 2015 19:35:30 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 68431 invoked by uid 500); 12 May 2015 19:35:30 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 68421 invoked by uid 99); 12 May 2015 19:35:30 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 May 2015 19:35:30 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 679D0C1241 for ; Tue, 12 May 2015 19:35:30 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.121 X-Spam-Level: X-Spam-Status: No, score=-0.121 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id pCUHSDU5Az8l for ; Tue, 12 May 2015 19:35:29 +0000 (UTC) Received: from mail-ig0-f177.google.com (mail-ig0-f177.google.com [209.85.213.177]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id A0D6A474CA for ; Tue, 12 May 2015 19:35:29 +0000 (UTC) Received: by iget9 with SMTP id t9so102063878ige.1 for ; Tue, 12 May 2015 12:35:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=F/E++7J/Sk66Ze8GWRL95M+Gvcq3nHa83K61VVeNaLs=; b=dNc6REMBrM1olggfP2vfm36BJ0y9x04/Di+tCK4y587iHAcQNWQbIX7+bE29DeHAYj W98uBt9dbdvsutJ4vSICoqoigBM7qDBTxvV+ediAc/0eGvQep6gMG4NG/qcruWenhJ07 V1GKIyHpC2fUPF0MVfhHDIXYPdRxxEbKVEqgYZd3SZKWNGk2/2kC6MPmtlfUro1R8g20 M71q/RP8wZEvP1GN1UdT+m2DE9kE5ee9l2OlyDLTHkCg4OXXaZRftCNfLHZtoaWmDi3J wBY/9X0B5o2ANIUoPEaNJvyiPVmbheBxAqE/r8eL58j0gw2GNnxRGwF3cxjPW+++1Xi+ t29w== MIME-Version: 1.0 X-Received: by 10.43.162.136 with SMTP id mk8mr4832757icc.28.1431459329342; Tue, 12 May 2015 12:35:29 -0700 (PDT) Received: by 10.79.71.4 with HTTP; Tue, 12 May 2015 12:35:29 -0700 (PDT) In-Reply-To: <55525519.7050904@gmail.com> References: <55525519.7050904@gmail.com> Date: Tue, 12 May 2015 21:35:29 +0200 Message-ID: Subject: Re: silly ab patch for SNI and OCSP stapling From: Yann Ylavic To: httpd Content-Type: text/plain; charset=UTF-8 +1, to both! Thanks. On Tue, May 12, 2015 at 9:31 PM, Jeff Trawick wrote: > ... where "OCSP stapling" means "get the server to do the related work but > don't care what you get back". > > Perhaps this doesn't save any time for anybody that would want to test such > a thing, but who knows? > > Index: support/ab.c > =================================================================== > --- support/ab.c (revision 1679028) > +++ support/ab.c (working copy) > @@ -1287,6 +1287,8 @@ > bio = BIO_new_socket(fd, BIO_NOCLOSE); > SSL_set_bio(c->ssl, bio, bio); > SSL_set_connect_state(c->ssl); > + SSL_set_tlsext_host_name(c->ssl, hostname); > + SSL_set_tlsext_status_type(c->ssl, TLSEXT_STATUSTYPE_ocsp); > if (verbosity >= 4) { > BIO_set_callback(bio, ssl_print_cb); > BIO_set_callback_arg(bio, (void *)bio_err); > > The lack of SNI is a pretty big hole now; it probably doesn't need much > extra in the way of #if/if to do the right thing. >