https://issues.apache.org/bugzilla/show_bug.cgi?id=46037
Summary: Configuration of trusted OCSP responder certificates
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Created an attachment (id=22754)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22754)
Add OCSPResponderCertificateFile option.
Some OCSP responders are configured to either exclude certificates in the
response or use a certificate chain with no relationship to the CA(s) it covers
such as a self signed certificate.
Currently such responders cannot be used with mod_ssl because the responder
certificate will fail verification.
The attached patch fixes this issue by adding a new
OCSPResponderCertificateFile option which contains PEM format certificates
which are directly trusted.
Question: is the initialisation and freeing in ssl_engine_init.c an appropriate
place?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
