to close to indicate that we do not want to keep the HTTP connection to the
OCSP responder alive. We don't reuse the connections currently and if the
OCSP responder keeps the connection alive this could cause us to wait for
keepalive timeout of the OCSP responder to timeout until we finish our
reading of the OCSP response.
PR: 64135
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874007 13f79535-47bb-0310-9956-ffa450edef68
This was our first compatibility pattern but we are not preserving it, it seems
irrelevant since the death of 16 bit Windows object files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1783432 13f79535-47bb-0310-9956-ffa450edef68
the brigade, which can be left over from line splitting. Fixes case
where the OCSP response was only partially read from the wire.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1488296 13f79535-47bb-0310-9956-ffa450edef68
modssl_dispatch_ocsp_request): Take timeout as argument, as pass through.
* modules/ssl/ssl_engine_ocsp.c (verify_ocsp_status): Pass server timeout
to modssl_dispatch_ocsp_request.
Submitted by: Dr Stephen Henson <shenson oss-institute.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@815719 13f79535-47bb-0310-9956-ffa450edef68
adjust the remaining part of mod_ssl to use this server_rec instead of
c->base_server.
modules/ssl/ssl_private.h:
- server_rec member to SSLConnRec struct
- Add macros to extract data from connection_rec
mySrvFromConn(c)
mySrvConfigFromConn(c)
myModConfigFromConn(c)
modules/ssl/ssl_engine_io.c
modules/ssl/ssl_util_ocsp.c
modules/ssl/ssl_engine_kernel.c
modules/ssl/mod_ssl.c
modules/ssl/ssl_engine_log.c
- Use the new macros to extract data fron connection_rec
and use the server_rec stored in SSLConnRec instead of
c->base_server whereever appropriate.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@757463 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_ocsp.c (determine_responder_uri): Allow
NULL path; use default port for given schem.
* modules/ssl/ssl_util_ocsp.c (serialize_request): Use / if no path
specified.
Submitted by: Kaspar Brand <asfbugz velox.ch>
PR: 45522
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@683242 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_config.c (modssl_ctx_init,
modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
(ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
ssl_cmd_SSLOCSPEnable): Add functions.
* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured an the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
