Mercurial > hg > nginx
diff src/event/ngx_event_openssl.h @ 4873:dd74fd35ceb5
OCSP stapling: ssl_stapling_file support.
Very basic version without any OCSP responder query code, assuming valid
DER-encoded OCSP response is present in a ssl_stapling_file configured.
Such file might be produced with openssl like this:
openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \
-url http://ocsp.example.com
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 01 Oct 2012 12:41:08 +0000 |
parents | 7c3cca603438 |
children | 386a06a22c40 |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -17,6 +17,7 @@ #include <openssl/conf.h> #include <openssl/engine.h> #include <openssl/evp.h> +#include <openssl/ocsp.h> #define NGX_SSL_NAME "OpenSSL" @@ -104,6 +105,7 @@ ngx_int_t ngx_ssl_client_certificate(ngx ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth); ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); +ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);