On Tuesday 30 November 2010 00:55:48 Dr Stephen Henson wrote: > On 30/11/2010 00:03, Dr Stephen Henson wrote: > > On 29/11/2010 21:46, Guenter Knauf wrote: <snip> > >> I think that we had some similar already in the past, and you suggested > >> a change which was compatible with both 0.9.8 and 1.0.0 branches, but I > >> cant recall ... Or do we need to cleanly solve this with some > >> version-depent defines? > > > > See of the patch for bug #50121 resolves this for you. > > There's a slightly cleaner way of doing that r1040366 in trunk fixes it for > me. > > Steve.
Steve, thanks for cleaning and applying my patch. A quick question, if I may... Would it be possible to make OCSP Stapling enabled by default (when the server certificate contains an OCSP Responder URL in the AIA extension) instead of disabled by default? (Perhaps "SSLUseStapling" could be replaced by "SSLDisableStapling") I just wonder how many webmasters would bother to add "SSLUseStapling on" to their config files, even though OCSP Stapling benefits all parties. I understand that Microsoft IIS 7.x enables OCSP Stapling by default. Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online
