f6484a78383d8e7fedfa2d3bbc254a76c478a53e - nginx

commit	f6484a78383d8e7fedfa2d3bbc254a76c478a53e	[log] [tgz]
author	Roman Arutyunyan <arut@nginx.com>	Fri May 22 17:30:12 2020 +0300
committer	Roman Arutyunyan <arut@nginx.com>	Fri May 22 17:30:12 2020 +0300
tree	040886d686aa1eeb2d290c039b29e608f2c6633e
parent	924507bd9d8a3655e66ac3e619edd20cfbb18e01 [diff]

SSL: client certificate validation with OCSP (ticket #1534).

OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".

When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.

src/event/ngx_event_openssl.c[diff]
src/event/ngx_event_openssl.h[diff]
src/event/ngx_event_openssl_stapling.c[diff]
src/http/modules/ngx_http_ssl_module.c[diff]
src/http/modules/ngx_http_ssl_module.h[diff]
src/http/ngx_http_request.c[diff]

6 files changed

tree: 040886d686aa1eeb2d290c039b29e608f2c6633e

auto/
conf/
contrib/
docs/
misc/
src/
.hgtags