]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aa94ee8) | patch
SSL: client certificate validation with OCSP (ticket #1534).
authorRoman Arutyunyan <arut@nginx.com>
Fri, 22 May 2020 14:30:12 +0000 (17:30 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Fri, 22 May 2020 14:30:12 +0000 (17:30 +0300)
commit60438ae395d83b0f8b21bf667a1e260d60c3f46a
tree040886d686aa1eeb2d290c039b29e608f2c6633etree | snapshot
parentaa94ee82f6040c8e2cbde3ae4de931c23fade3f3commit | diff
SSL: client certificate validation with OCSP (ticket #1534).

OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".

When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.
src/event/ngx_event_openssl.c diff | blob | history
src/event/ngx_event_openssl.h diff | blob | history
src/event/ngx_event_openssl_stapling.c diff | blob | history
src/http/modules/ngx_http_ssl_module.c diff | blob | history
src/http/modules/ngx_http_ssl_module.h diff | blob | history
src/http/ngx_http_request.c diff | blob | history
nginx upstream