Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.h @ 4879:4a804fd04e6c
OCSP stapling: ssl_stapling_verify directive.
OCSP response verification is now switched off by default to simplify
configuration, and the ssl_stapling_verify allows to switch it on.
Note that for stapling OCSP response verification isn't something required
as it will be done by a client anyway. But doing verification on a server
allows to mitigate some attack vectors, most notably stop an attacker from
presenting some specially crafted data to all site clients.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 01 Oct 2012 12:53:11 +0000 |
| parents | 386a06a22c40 |
| children | 1356a3b96924 |
comparison
equal
deleted
inserted
replaced
| 4878:695cc88ad649 | 4879:4a804fd04e6c |
|---|---|
| 41 ngx_str_t ciphers; | 41 ngx_str_t ciphers; |
| 42 | 42 |
| 43 ngx_shm_zone_t *shm_zone; | 43 ngx_shm_zone_t *shm_zone; |
| 44 | 44 |
| 45 ngx_flag_t stapling; | 45 ngx_flag_t stapling; |
| 46 ngx_flag_t stapling_verify; | |
| 46 ngx_str_t stapling_file; | 47 ngx_str_t stapling_file; |
| 47 ngx_str_t stapling_responder; | 48 ngx_str_t stapling_responder; |
| 48 | 49 |
| 49 u_char *file; | 50 u_char *file; |
| 50 ngx_uint_t line; | 51 ngx_uint_t line; |