diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2012-10-01 12:41:08 +0000 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2012-10-01 12:41:08 +0000 |
| commit | 85c920a0cd4983679fe51ad492abf5dea8ccc497 (patch) | |
| tree | a8dea075ef1040da844ef777e184f9e22176d997 /src/event | |
| parent | 3648ba7db833d318269daba2a8d6be42660c5b60 (diff) | |
| download | nginx-85c920a0cd4983679fe51ad492abf5dea8ccc497.tar.gz nginx-85c920a0cd4983679fe51ad492abf5dea8ccc497.tar.bz2 | |
OCSP stapling: ssl_stapling_file support.
Very basic version without any OCSP responder query code, assuming valid
DER-encoded OCSP response is present in a ssl_stapling_file configured.
Such file might be produced with openssl like this:
openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \
-url http://ocsp.example.com
Diffstat (limited to 'src/event')
| -rw-r--r-- | src/event/ngx_event_openssl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 81f0a8b8e..931df21b8 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -17,6 +17,7 @@ #include <openssl/conf.h> #include <openssl/engine.h> #include <openssl/evp.h> +#include <openssl/ocsp.h> #define NGX_SSL_NAME "OpenSSL" @@ -104,6 +105,7 @@ ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth); ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); +ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); |