SSL: client certificate validation with OCSP (ticket #1534).

OCSP validation for client certificates is enabled by the "ssl_ocsp" directive. OCSP responder can be optionally specified by "ssl_ocsp_responder". When session is reused, peer chain is not available for validation. If the verified chain contains certificates from the peer chain not available at the server, validation will fail.
author: Roman Arutyunyan <arut@nginx.com> 2020-05-22 17:30:12 +0300
committer: Roman Arutyunyan <arut@nginx.com> 2020-05-22 17:30:12 +0300
commit: 60438ae395d83b0f8b21bf667a1e260d60c3f46a (patch)
tree: 040886d686aa1eeb2d290c039b29e608f2c6633e /src/http/modules/ngx_http_ssl_module.h
parent: aa94ee82f6040c8e2cbde3ae4de931c23fade3f3 (diff)
download: nginx-60438ae395d83b0f8b21bf667a1e260d60c3f46a.tar.gz
nginx-60438ae395d83b0f8b21bf667a1e260d60c3f46a.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index 26fdccfe4..92d459f60 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -54,6 +54,9 @@ typedef struct {
     ngx_flag_t                      session_tickets;
     ngx_array_t                    *session_ticket_keys;
 
+    ngx_uint_t                      ocsp;
+    ngx_str_t                       ocsp_responder;
+
     ngx_flag_t                      stapling;
     ngx_flag_t                      stapling_verify;
     ngx_str_t                       stapling_file;
author	Roman Arutyunyan <arut@nginx.com>	2020-05-22 17:30:12 +0300
committer	Roman Arutyunyan <arut@nginx.com>	2020-05-22 17:30:12 +0300
commit	60438ae395d83b0f8b21bf667a1e260d60c3f46a (patch)
tree	040886d686aa1eeb2d290c039b29e608f2c6633e /src/http/modules/ngx_http_ssl_module.h
parent	aa94ee82f6040c8e2cbde3ae4de931c23fade3f3 (diff)
download	nginx-60438ae395d83b0f8b21bf667a1e260d60c3f46a.tar.gz nginx-60438ae395d83b0f8b21bf667a1e260d60c3f46a.tar.bz2