- no need to check for opaque "valid" cert
flag, since we get here only if internal
certificate verification of OpenSSL returned
ok=1.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1729500 13f79535-47bb-0310-9956-ffa450edef68

New SSLOCSPUseRequestNonce directive's manual and CHANGES.
Non-functional code changes (modssl_ctx_t's field ocsp_use_request_nonce
grouped with other OCSP ones, nested if turned to a single AND condition).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584098 13f79535-47bb-0310-9956-ffa450edef68

- Remove tags in ssl_log_ssl_error() and ssl_log_cert_error()
- Instead add tags to various ssl_log_xerror, ssl_log_cxerror
calls (ssl_log_rxerror is unused).
- likewise for modssl_proxy_info_log()
- Fix spelling of APLOG_NOERRNO in coccinelle script
- add support for ssl_log_*error and ap_log_cserror
- add some more tags missing due to APLOG_NOERRNO spelling error
- Remove tags from example modules (we don't want people to blindly copy
those)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1211680 13f79535-47bb-0310-9956-ffa450edef68

modssl_dispatch_ocsp_request): Take timeout as argument, and pass through.
* modules/ssl/ssl_engine_ocsp.c (verify_ocsp_status): Pass server timeout
to modssl_dispatch_ocsp_request.
Submitted by: Dr Stephen Henson <shenson oss-institute.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@815719 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_ocsp.c (determine_responder_uri): Allow
NULL path; use default port for given scheme.
* modules/ssl/ssl_util_ocsp.c (serialize_request): Use / if no path
specified.
Submitted by: Kaspar Brand <asfbugz velox.ch>
PR: 45522
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@683242 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_config.c (modssl_ctx_init,
modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
(ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
ssl_cmd_SSLOCSPEnable): Add functions.
* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured and the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68