OCSP stapling: loading OCSP responses.

This includes the ssl_stapling_responder directive (defaults to OCSP responder set in certificate's AIA extension). OCSP response for a given certificate is requested once we get at least one connection with certificate_status extension in ClientHello, and certificate status won't be sent in the connection in question. This due to limitations in the OpenSSL API (certificate status callback is blocking). Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't allow to access the certificate loaded via SSL_CTX.
author: Maxim Dounin <mdounin@mdounin.ru> 2012-10-01 12:47:55 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> 2012-10-01 12:47:55 +0000
commit: 74ad4494a66d7ea5201c37f6628707404df723fe (patch)
tree: c5c012ff1465ea50b8d6c2597660b40ef592afe4 /src/http/modules/ngx_http_ssl_module.h
parent: f7ec295fb4bd81d8840e51021d44270ccd9ab222 (diff)
download: nginx-74ad4494a66d7ea5201c37f6628707404df723fe.tar.gz
nginx-74ad4494a66d7ea5201c37f6628707404df723fe.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index c1328395a..b9037589f 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -44,6 +44,7 @@ typedef struct {
 
     ngx_flag_t                      stapling;
     ngx_str_t                       stapling_file;
+    ngx_str_t                       stapling_responder;
 
     u_char                         *file;
     ngx_uint_t                      line;
author	Maxim Dounin <mdounin@mdounin.ru>	2012-10-01 12:47:55 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	2012-10-01 12:47:55 +0000
commit	74ad4494a66d7ea5201c37f6628707404df723fe (patch)
tree	c5c012ff1465ea50b8d6c2597660b40ef592afe4 /src/http/modules/ngx_http_ssl_module.h
parent	f7ec295fb4bd81d8840e51021d44270ccd9ab222 (diff)
download	nginx-74ad4494a66d7ea5201c37f6628707404df723fe.tar.gz nginx-74ad4494a66d7ea5201c37f6628707404df723fe.tar.bz2