git.kaiwu.me - nginx.git/commit

author	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 1 Oct 2012 12:47:55 +0000 (12:47 +0000)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 1 Oct 2012 12:47:55 +0000 (12:47 +0000)
commit	74ad4494a66d7ea5201c37f6628707404df723fe
tree	c5c012ff1465ea50b8d6c2597660b40ef592afe4	tree \| snapshot
parent	f7ec295fb4bd81d8840e51021d44270ccd9ab222	commit \| diff

OCSP stapling: loading OCSP responses.

This includes the ssl_stapling_responder directive (defaults to OCSP
responder set in certificate's AIA extension).

OCSP response for a given certificate is requested once we get at least
one connection with certificate_status extension in ClientHello, and
certificate status won't be sent in the connection in question. This due
to limitations in the OpenSSL API (certificate status callback is blocking).

Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't
allow to access the certificate loaded via SSL_CTX.

src/core/ngx_core.h		diff \| blob \| history
src/event/ngx_event_openssl.c		diff \| blob \| history
src/event/ngx_event_openssl.h		diff \| blob \| history
src/event/ngx_event_openssl_stapling.c		diff \| blob \| history
src/http/modules/ngx_http_ssl_module.c		diff \| blob \| history
src/http/modules/ngx_http_ssl_module.h		diff \| blob \| history