Changeset b888e8b in mod_gnutls for doc


Ignore:
Timestamp:
Nov 1, 2016, 7:20:42 AM (14 months ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master, debian, upstream
Children:
b26a792
Parents:
b34a67e
git-author:
Thomas Klute <thomas2.klute@…> (10/31/16 19:42:11)
git-committer:
Thomas Klute <thomas2.klute@…> (11/01/16 07:20:42)
Message:

New directive GnuTLSOCSPCheckNonce

Some CAs refuse to send nonces in their OCSP responses, probably
because that way they can cache responses. This makes nonce
verification fail, so give the user an option disable it.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • doc/mod_gnutls_manual.mdwn

    rb34a67e rb888e8b  
    553553
    554554OCSP cache updates are serialized using the `gnutls-ocsp` mutex.
     555
     556### GnuTLSOCSPCheckNonce
     557
     558Check the nonce in OCSP responses?
     559
     560    GnuTLSOCSPCheckNonce [On|Off]
     561
     562Default: *on*\
     563Context: server config, virtual host
     564
     565Some CAs refuse to send nonces in their OCSP responses, probably
     566because that way they can cache responses. If your CA is one of them
     567you can use this flag to disable nonce verification. Note that
     568`mod_gnutls` will _send_ a nonce either way.
    555569
    556570### GnuTLSOCSPResponseFile
Note: See TracChangeset for help on using the changeset viewer.