source: mod_gnutls/test/tests/27_OCSP_server/apache.conf @ e1c094c

Last change on this file since e1c094c was e1c094c, checked in by Thomas Klute <thomas2.klute@…>, 3 years ago

Replace GnuTLSOCSPGraceTime with GnuTLSOCSPCacheTimeout

Configuring a timeout instead of a time relative to the nextUpdate field
of the OCSP response has two main advantages:

  • The maximum cache lifetime is independent of any external data. The OCSP response is signed and the CA generally a trusted entity, but its policy is almost always outside the server admin's control and might change.
  • The principle is a lot simpler and thus less likely to lead to implementation or configuration errors.

Additionally a static timeout policy should make it easier to
implement asynchronous cache updates for MPMs that support it.

Property mode set to 100644
File size: 387 bytes

Define  OCSP_PORT       ${OCSP_PORT}

Include ${srcdir}/base_apache.conf
Include ${srcdir}/ocsp_server.conf
GnuTLSCache dbm cache/gnutls_cache

<VirtualHost _default_:${TEST_PORT}>
        ServerName              ${TEST_HOST}
        GnuTLSEnable            On
        GnuTLSOCSPStapling      On
        GnuTLSOCSPCacheTimeout  60
        GnuTLSCertificateFile   server/x509-chain.pem
        GnuTLSKeyFile           server/secret.key
        GnuTLSPriorities        NORMAL
</VirtualHost>