commit | f6484a78383d8e7fedfa2d3bbc254a76c478a53e | |
---|---|---|
author | Roman Arutyunyan <arut@nginx.com> | Fri May 22 17:30:12 2020 +0300 |
committer | Roman Arutyunyan <arut@nginx.com> | Fri May 22 17:30:12 2020 +0300 |
tree | 040886d686aa1eeb2d290c039b29e608f2c6633e | |
parent | 924507bd9d8a3655e66ac3e619edd20cfbb18e01 | |
SSL: client certificate validation with OCSP (ticket #1534).

OCSP validation for client certificates is enabled by the "ssl_ocsp" directive. OCSP responder can be optionally specified by "ssl_ocsp_responder".

When session is reused, peer chain is not available for validation. If the verified chain contains certificates from the peer chain not available at the server, validation will fail.
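
A server block using the two directives named in the commit message, as an added example that is not part of the commit or of the nginx sources. Host names, file paths and the resolver address are constructed placeholders; the `ssl_verify_client`, `ssl_verify_depth` and `resolver` lines are assumptions about the surrounding configuration that OCSP validation of client certificates depends on.

```nginx
# Added example; names, paths and addresses below are constructed placeholders.
server {
    listen 443 ssl;
    server_name app.example.test;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Client certificates are requested and verified; ssl_ocsp only takes
    # effect when ssl_verify_client is "on" or "optional".
    ssl_verify_client on;
    ssl_verify_depth  2;

    # Root and intermediate CA certificates kept on the server, so that the
    # verified chain does not rely on certificates that only the peer sent
    # (the session-reuse case described in the commit message).
    ssl_client_certificate /etc/nginx/tls/client-ca-bundle.pem;

    # Enable OCSP validation of the client certificate chain.
    ssl_ocsp on;

    # Optional: use this responder instead of the URL taken from the
    # certificate's Authority Information Access extension.
    ssl_ocsp_responder http://ocsp.example.test/;

    # Needed so nginx can resolve the responder host name.
    resolver 192.0.2.53;
}
```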