Mercurial > hg > nginx

diff src/event/ngx_event_openssl.h @ 4879:4a804fd04e6c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
OCSP stapling: ssl_stapling_verify directive. OCSP response verification is now switched off by default to simplify configuration, and the ssl_stapling_verify allows to switch it on. Note that for stapling OCSP response verification isn't something required as it will be done by a client anyway. But doing verification on a server allows to mitigate some attack vectors, most notably stop an attacker from presenting some specially crafted data to all site clients.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 01 Oct 2012 12:53:11 +0000
parents 386a06a22c40
children e406c997470a
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -106,7 +106,7 @@ ngx_int_t ngx_ssl_trusted_certificate(ng
     ngx_str_t *cert, ngx_int_t depth);
 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
-    ngx_str_t *responder, ngx_str_t *file);
+    ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
 ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
     ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
 RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length);