Le 11/05/2018 à 12:26, jor...@apache.org a écrit :
Author: jorton
Date: Fri May 11 10:26:31 2018
New Revision: 1831398
URL: http://svn.apache.org/viewvc?rev=1831398&view=rev
Log:
Add basic OCSP client cert verification test using the "openssl ocsp" built-in
toy OCSP responder.
Added:
httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL
httpd/test/framework/trunk/t/ssl/ocsp.t
Modified:
httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
httpd/test/framework/trunk/t/htdocs/modules/cgi/ (props changed)
Modified: httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
URL:
http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in?rev=1831398&r1=1831397&r2=1831398&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in Fri May 11 10:26:31 2018
@@ -237,6 +237,25 @@
</Location>
</VirtualHost>
+ # For t/ssl/ocsp.t --
+ <Location /modules/ssl/ocsp>
+ SetEnv SSL_CA_ROOT @sslca@/asf
+ </Location>
+ Alias /modules/ssl/ocsp @DocumentRoot@/modules/cgi/ocsp.pl
+
+ <VirtualHost ssl_ocsp>
+ SSLEngine on
+
+ SSLVerifyClient on
+
+ SSLOCSPEnable on
+ SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp
+ SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt
SSLOCSPResponderCertificateFile is only supported since 2.4.26.
Does just surrounding this directive by a <IfVersion >= 2.4.26> is
enough, or should the corresponding test be adjusted some way or another
as well?
(based on,
https://build.opensuse.org/package/view_file/Apache:Test/apache-test/apache-test-ocsp-httpd-version.patch?expand=1)
CJ
+
+ # Ignore CRL check results
+ SSLCARevocationCheck none
+ </VirtualHost>
+
# For t/ssl/pr43738.t:
<IfModule mod_actions.c>
Action application/x-pf-action /modules/cgi/action.pl
[...]