Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.h @ 7653:8409f9df6219
SSL: client certificate validation with OCSP (ticket #1534).
OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".
When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Fri, 22 May 2020 17:30:12 +0300 |
| parents | be2af41d3620 |
| children | b56f725dd4bb |
comparison
equal
deleted
inserted
replaced
| 7652:7cffd81015e7 | 7653:8409f9df6219 |
|---|---|
| 52 ngx_shm_zone_t *shm_zone; | 52 ngx_shm_zone_t *shm_zone; |
| 53 | 53 |
| 54 ngx_flag_t session_tickets; | 54 ngx_flag_t session_tickets; |
| 55 ngx_array_t *session_ticket_keys; | 55 ngx_array_t *session_ticket_keys; |
| 56 | 56 |
| 57 ngx_uint_t ocsp; | |
| 58 ngx_str_t ocsp_responder; | |
| 59 | |
| 57 ngx_flag_t stapling; | 60 ngx_flag_t stapling; |
| 58 ngx_flag_t stapling_verify; | 61 ngx_flag_t stapling_verify; |
| 59 ngx_str_t stapling_file; | 62 ngx_str_t stapling_file; |
| 60 ngx_str_t stapling_responder; | 63 ngx_str_t stapling_responder; |
| 61 | 64 |