74ad4494a66d7ea5201c37f6628707404df723fe - nginx

commit	74ad4494a66d7ea5201c37f6628707404df723fe	[log] [tgz]
author	Maxim Dounin <mdounin@mdounin.ru>	Mon Oct 01 12:47:55 2012 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	Mon Oct 01 12:47:55 2012 +0000
tree	c5c012ff1465ea50b8d6c2597660b40ef592afe4
parent	f7ec295fb4bd81d8840e51021d44270ccd9ab222 [diff]

OCSP stapling: loading OCSP responses.

This includes the ssl_stapling_responder directive (defaults to OCSP
responder set in certificate's AIA extension).

OCSP response for a given certificate is requested once we get at least
one connection with certificate_status extension in ClientHello, and
certificate status won't be sent in the connection in question.  This due
to limitations in the OpenSSL API (certificate status callback is blocking).

Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't
allow to access the certificate loaded via SSL_CTX.

src/core/ngx_core.h[diff]
src/event/ngx_event_openssl.c[diff]
src/event/ngx_event_openssl.h[diff]
src/event/ngx_event_openssl_stapling.c[diff]
src/http/modules/ngx_http_ssl_module.c[diff]
src/http/modules/ngx_http_ssl_module.h[diff]

6 files changed

tree: c5c012ff1465ea50b8d6c2597660b40ef592afe4

auto/
conf/
contrib/
docs/
misc/
src/
.hgtags