Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.h @ 4875:386a06a22c40
OCSP stapling: loading OCSP responses.
This includes the ssl_stapling_responder directive (defaults to OCSP
responder set in certificate's AIA extension).
OCSP response for a given certificate is requested once we get at least
one connection with certificate_status extension in ClientHello, and
certificate status won't be sent in the connection in question. This due
to limitations in the OpenSSL API (certificate status callback is blocking).
Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't
allow to access the certificate loaded via SSL_CTX.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 01 Oct 2012 12:47:55 +0000 |
parents | dd74fd35ceb5 |
children | 4a804fd04e6c |
comparison
equal
deleted
inserted
replaced
4874:d1a20423c425 | 4875:386a06a22c40 |
---|---|
103 ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, | 103 ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, |
104 ngx_str_t *cert, ngx_int_t depth); | 104 ngx_str_t *cert, ngx_int_t depth); |
105 ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, | 105 ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, |
106 ngx_str_t *cert, ngx_int_t depth); | 106 ngx_str_t *cert, ngx_int_t depth); |
107 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); | 107 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); |
108 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); | 108 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, |
109 ngx_str_t *responder, ngx_str_t *file); | |
110 ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl, | |
111 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout); | |
109 RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); | 112 RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); |
110 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); | 113 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); |
111 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); | 114 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); |
112 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, | 115 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, |
113 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); | 116 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); |
159 | 162 |
160 | 163 |
161 extern int ngx_ssl_connection_index; | 164 extern int ngx_ssl_connection_index; |
162 extern int ngx_ssl_server_conf_index; | 165 extern int ngx_ssl_server_conf_index; |
163 extern int ngx_ssl_session_cache_index; | 166 extern int ngx_ssl_session_cache_index; |
167 extern int ngx_ssl_certificate_index; | |
168 extern int ngx_ssl_stapling_index; | |
164 | 169 |
165 | 170 |
166 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ | 171 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ |