Welcome! Log In Create A New Profile

Advanced

[nginx] OCSP stapling: fixed ssl_stapling_file (ticket #769).

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
July 07, 2015 10:08AM
details: http://hg.nginx.org/nginx/rev/dcae651b2a0c
branches:
changeset: 6205:dcae651b2a0c
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue Jul 07 16:38:49 2015 +0300
description:
OCSP stapling: fixed ssl_stapling_file (ticket #769).

Broken by 6893a1007a7c (1.9.2) during introduction of strict OCSP response
validity checks. As stapling file is expected to be returned unconditionally,
fix is to set its validity to the maximum supported time.

Reported by Faidon Liambotis.

diffstat:

src/event/ngx_event_openssl_stapling.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diffs (11 lines):

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -245,6 +245,7 @@ ngx_ssl_stapling_file(ngx_conf_t *cf, ng

staple->staple.data = buf;
staple->staple.len = len;
+ staple->valid = NGX_MAX_TIME_T_VALUE;

return NGX_OK;


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] OCSP stapling: fixed ssl_stapling_file (ticket #769).

Maxim Dounin 666 July 07, 2015 10:08AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 182
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready