Welcome! Log In Create A New Profile

Advanced

OCSP, ssl_trusted_certificate, and ssl_stapling_verify

Scott Larson
March 05, 2014 02:50PM
In setting up OCSP stapling on 1.5.10 I've found it behaving in a way
which is opposite to what I perceive is documented. There it states that
the contents of ssl_trusted_certificate are not sent to the client. However
when I enable ssl_stapling_verify, which requires the inclusion of in this
case the GeoTrust root certificate for the OCSP response to work, this root
certificate is included in the response back to the client.
Am I just interpreting the documentation incorrectly? It's not a dire
issue, simply unexpected, and when including the root cert the SSL
handshake increases from 4434 bytes to 5293.



*__________________Scott LarsonSystems AdministratorWiredrive/LA310 823
8238 ext. 1106310 943 2078 faxwww.wiredrive.com
http://www.wiredrive.com/www.twitter.com/wiredrive
http://www.twitter.com/wiredrivewww.facebook.com/wiredrive
http://www.wiredrive.com/facebook*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

OCSP, ssl_trusted_certificate, and ssl_stapling_verify

Scott Larson March 05, 2014 02:50PM

Re: OCSP, ssl_trusted_certificate, and ssl_stapling_verify

Maxim Dounin March 05, 2014 11:32PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 133
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready