www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-09-11 09:30:48 +03:00
Code Activity

mod_ssl: follow up to r1583191.

Browse Source 
New SSLOCSPUseRequestNonce directive's manual and CHANGES.

Non functional code changes (modssl_ctx_t's field ocsp_use_request_nonce
grouped with other OCSP ones, nested if turned to a single AND condition).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584098 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2014-04-02 17:21:28 +00:00
parent df389cdeb1
commit 0e37047e3d
4 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/ssl/ssl_engine_ocsp.c
View File

@@ -175,12 +175,11 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
}
if (rc == V_OCSP_CERTSTATUS_GOOD &&
sc->server->ocsp_use_request_nonce != FALSE) {
if (OCSP_check_nonce(request, basicResponse) != 1) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01924)
"Bad OCSP responder answer (bad nonce)");
rc = V_OCSP_CERTSTATUS_UNKNOWN;
}
sc->server->ocsp_use_request_nonce != FALSE &&
OCSP_check_nonce(request, basicResponse) != 1) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01924)
"Bad OCSP responder answer (bad nonce)");
rc = V_OCSP_CERTSTATUS_UNKNOWN;
}
if (rc == V_OCSP_CERTSTATUS_GOOD) {