Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.h @ 4879:4a804fd04e6c
OCSP stapling: ssl_stapling_verify directive.
OCSP response verification is now switched off by default to simplify
configuration, and the ssl_stapling_verify allows to switch it on.
Note that for stapling OCSP response verification isn't something required
as it will be done by a client anyway. But doing verification on a server
allows to mitigate some attack vectors, most notably stop an attacker from
presenting some specially crafted data to all site clients.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 01 Oct 2012 12:53:11 +0000 |
parents | 386a06a22c40 |
children | 1356a3b96924 |
comparison
equal
deleted
inserted
replaced
4878:695cc88ad649 | 4879:4a804fd04e6c |
---|---|
41 ngx_str_t ciphers; | 41 ngx_str_t ciphers; |
42 | 42 |
43 ngx_shm_zone_t *shm_zone; | 43 ngx_shm_zone_t *shm_zone; |
44 | 44 |
45 ngx_flag_t stapling; | 45 ngx_flag_t stapling; |
46 ngx_flag_t stapling_verify; | |
46 ngx_str_t stapling_file; | 47 ngx_str_t stapling_file; |
47 ngx_str_t stapling_responder; | 48 ngx_str_t stapling_responder; |
48 | 49 |
49 u_char *file; | 50 u_char *file; |
50 ngx_uint_t line; | 51 ngx_uint_t line; |