Hello,
I plan to add OCSP support to mod_ssl.
I have the code for the OCSP check, but I'd like to check the integration
with everybody, as I will give the code back to you - if you're interesting
in it :-)
Here is what I currently plan:
1. Add a parameter "UseOCSP" in the config file
2. In function "ssl_callback_SSLVerify( )", replace the call to
"ssl_callback_SSLVerify_CRL( )" by a call to a new function
"ssl_callback_SSLVerify_Validity( )", with exactly the same parameters
3. In "ssl_callback_SSLVerify_Validity( )":
- if the parameter "UseOCSP" is on, try an OCSP check
- if the OCSP check failed because the certificate is revoked => return
error
- if the OCSP check succeeded => return ok ("ok" is an input parameter,
don't know what it is exactly)
- call "ssl_callback_SSLVerify_CRL( )" and return result
Do you see any problem with that ?
Is somebody interesting in testing that code, or even work on it ?
Marc
