comparison src/event/ngx_event_openssl.h @ 4879:4a804fd04e6c

OCSP stapling: ssl_stapling_verify directive. OCSP response verification is now switched off by default to simplify configuration, and the ssl_stapling_verify directive allows switching it on. Note that for stapling, OCSP response verification isn't strictly required, as it will be done by a client anyway. But doing verification on a server helps mitigate some attack vectors, most notably stopping an attacker from presenting some specially crafted data to all site clients.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 01 Oct 2012 12:53:11 +0000
parents 386a06a22c40
children e406c997470a
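--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -104,11 +104,11 @@
 ngx_str_t *cert, ngx_int_t depth);
 ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
 ngx_str_t *cert, ngx_int_t depth);
 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
-ngx_str_t *responder, ngx_str_t *file);
+ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
 ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
 RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length);
 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);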
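Review bot: The new ngx_ssl_stapling prototype (line 109) swaps two same-typed `ngx_str_t *` arguments, `responder, file` becoming `file, responder`, and adds a bare `ngx_uint_t verify` flag, yet the header says nothing about what each position means. The type checker cannot see the swap; only the extra third argument makes a stale call fail to compile, so the call sites (not shown on this page) should be checked for arguments passed in the old order. Per the commit description, `verify` now defaults to off and decides whether the server checks an OCSP response before stapling it to every client, so it deserves a comment at the declaration. Something like `/* file: stapling response file; responder: OCSP responder override; verify: non-zero to verify OCSP responses on the server (off by default) */` would do, with the wording confirmed against the implementation.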