Welcome! Log In Create A New Profile

Advanced

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Previous Message Next Message
Forum List Message List New Topic Print View
Rob Stradling
June 16, 2011 09:32AM
On November 25, 2010 04:42AM Weibin Yao wrote:
> Hi everyone,
>
> I think the the feature of OCSP stapling[1] is very useful for the
> browser blocked by the OCSP request. And the feature has supported since
> openssl 0.9.8g. Apache's mod_ssl has also added this patch in the
> development branch[2].
>
> Does anyone have the plan to develop this feature?

Hi. The CAs and Browsers represented in the CA/Browser Forum
(http://cabforum.org/forum.html) are growing increasingly interested in
encouraging wider adoption of OCSP Stapling.

Since nobody else has replied to this thread, I presume that OCSP Stapling is
not currently a priority for the core nginx developers. So, I've started
having a go at writing a patch. I'm basing it heavily on Dr Steve Henson's
OCSP Stapling code that was first included in Apache httpd 2.3.3 [3]. I'd like
to ask a few questions before I proceed any further:

1. If I am able to complete my patch, are you likely to review/commit it?
Or is OCSP Stapling the sort of feature that you'd prefer to only let a core
nginx developer work on?

2. I was under the impression that nginx started life as a fork of Apache
httpd, but I don't see any messages along the lines of "This product includes
software developed by the Apache Group..." in the source code. Is nginx 100%
*not* a derivative work of Apache httpd?

3. Steve Henson's code is presumably licensed under ASL 2.0 [4], which
presumably means that my patch would be classed as a "Derivative Work" subject
to various conditions (see the "4. Redistribution" section in ASL 2.0). Would
this prevent you from accepting it?

(Since ASL 2.0 says "nothing herein shall supersede or modify the terms of any
separate license agreement you may have executed with Licensor regarding such
Contributions", perhaps I should ask Steve Henson if he would be willing to
contribute the same code to nginx under a different licence).

Thanks for your help.

[3]. http://svn.apache.org/viewvc?view=revision&revision=829619
[4]. http://www.apache.org/licenses/LICENSE-2.0

> Thanks.
>
> [1]. http://en.wikipedia.org/wiki/OCSP_Stapling
> [2]. https://issues.apache.org/bugzilla/show_bug.cgi?id=43822
>
> --
> Weibin Yao

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 2407 June 16, 2011 09:32AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Igor Sysoev 2934 June 16, 2011 11:04AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 1046 June 16, 2011 11:42AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Arnaud GRANAL 1097 June 16, 2011 12:18PM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Arnaud GRANAL 1030 June 16, 2011 12:18PM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 1823 June 17, 2011 06:54AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 965 March 12, 2012 06:14AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 934 June 21, 2012 10:06AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 176
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready