Welcome! Log In Create A New Profile

Advanced

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

June 16, 2011 11:04AM
On Thu, Jun 16, 2011 at 02:30:55PM +0100, Rob Stradling wrote:
> On November 25, 2010 04:42AM Weibin Yao wrote:
> > Hi everyone,
> >
> > I think the the feature of OCSP stapling[1] is very useful for the
> > browser blocked by the OCSP request. And the feature has supported since
> > openssl 0.9.8g. Apache's mod_ssl has also added this patch in the
> > development branch[2].
> >
> > Does anyone have the plan to develop this feature?
>
> Hi. The CAs and Browsers represented in the CA/Browser Forum
> (http://cabforum.org/forum.html) are growing increasingly interested in
> encouraging wider adoption of OCSP Stapling.
>
> Since nobody else has replied to this thread, I presume that OCSP Stapling is
> not currently a priority for the core nginx developers. So, I've started
> having a go at writing a patch. I'm basing it heavily on Dr Steve Henson's
> OCSP Stapling code that was first included in Apache httpd 2.3.3 [3]. I'd like
> to ask a few questions before I proceed any further:
>
> 1. If I am able to complete my patch, are you likely to review/commit it?
> Or is OCSP Stapling the sort of feature that you'd prefer to only let a core
> nginx developer work on?
>
> 2. I was under the impression that nginx started life as a fork of Apache
> httpd, but I don't see any messages along the lines of "This product includes
> software developed by the Apache Group..." in the source code. Is nginx 100%
> *not* a derivative work of Apache httpd?
>
> 3. Steve Henson's code is presumably licensed under ASL 2.0 [4], which
> presumably means that my patch would be classed as a "Derivative Work" subject
> to various conditions (see the "4. Redistribution" section in ASL 2.0). Would
> this prevent you from accepting it?
>
> (Since ASL 2.0 says "nothing herein shall supersede or modify the terms of any
> separate license agreement you may have executed with Licensor regarding such
> Contributions", perhaps I should ask Steve Henson if he would be willing to
> contribute the same code to nginx under a different licence).

nginx is not Apache fork. I know well enough Apache 1.3 and I've got some
ideas from Apache such as memory pools, configuration methods, processing
phases, etc., but there is no line of Apache code. As to OCSP, I'm going
to implement it in the next 2.0 version.


--
Igor Sysoev

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 1989 June 16, 2011 09:32AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Igor Sysoev 2307 June 16, 2011 11:04AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 791 June 16, 2011 11:42AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Arnaud GRANAL 843 June 16, 2011 12:18PM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Arnaud GRANAL 760 June 16, 2011 12:18PM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 1517 June 17, 2011 06:54AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 673 March 12, 2012 06:14AM

Re: Does anyone plan to develop the feature of openssl' OCSP stapling?

Rob Stradling 681 June 21, 2012 10:06AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 77
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready