git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 6a0f47e) | patch

author	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 1 Oct 2012 12:39:36 +0000 (12:39 +0000)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Mon, 1 Oct 2012 12:39:36 +0000 (12:39 +0000)
commit	3648ba7db833d318269daba2a8d6be42660c5b60
tree	1228f80d5ae03396e0b25180fff6c2538e117d55	tree \| snapshot
parent	6a0f47e0797c8b797c806fab16ffc5bab40c0577	commit \| diff

OCSP stapling: ssl_trusted_certificate directive.

The directive allows to specify additional trusted Certificate Authority
certificates to be used during certificate verification. In contrast to
ssl_client_certificate DNs of these cerificates aren't sent to a client
during handshake.

Trusted certificates are loaded regardless of the fact whether client
certificates verification is enabled as the same certificates will be
used for OCSP stapling, during construction of an OCSP request and for
verification of an OCSP response.

The same applies to a CRL (which is now always loaded).

src/event/ngx_event_openssl.c		diff \| blob \| history
src/event/ngx_event_openssl.h		diff \| blob \| history
src/http/modules/ngx_http_ssl_module.c		diff \| blob \| history
src/http/modules/ngx_http_ssl_module.h		diff \| blob \| history

nginx upstream