Changeset b888e8b in mod_gnutls for src/gnutls_config.c


Timestamp:
Nov 1, 2016, 7:20:42 AM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, proxy-ticket, upstream
Children:
b26a792
Parents:
b34a67e
git-author:
Thomas Klute <thomas2.klute@…> (10/31/16 19:42:11)
git-committer:
Thomas Klute <thomas2.klute@…> (11/01/16 07:20:42)
Message:

New directive GnuTLSOCSPCheckNonce

Some CAs refuse to send nonces in their OCSP responses, probably
because that way they can cache responses. This makes nonce
verification fail, so give the user an option to disable it.

File:
1 edited

  • src/gnutls_config.c

    rb34a67e rb888e8b  
    11271127
    11281128    sc->ocsp_staple = GNUTLS_ENABLED_UNSET;
     1129    sc->ocsp_check_nonce = GNUTLS_ENABLED_UNSET;
    11291130    sc->ocsp_response_file = NULL;
    11301131    sc->ocsp_mutex = NULL;
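
Review bot: The default for the new field is not stated where `sc->ocsp_check_nonce = GNUTLS_ENABLED_UNSET;` is added, and nothing in the lines shown here says which value an unset directive resolves to. The nonce is what ties an OCSP response to the request that asked for it, so turning the check off means a cached or replayed response is accepted as long as it is otherwise valid. Please add a short comment at this initialization stating that an unset GnuTLSOCSPCheckNonce resolves to enabled, so the weaker behaviour is only ever an explicit opt-in, and make sure the directive's documentation says the same.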
     
    11901191
    11911192    gnutls_srvconf_merge(ocsp_staple, GNUTLS_ENABLED_UNSET);
     1193    gnutls_srvconf_merge(ocsp_check_nonce, GNUTLS_ENABLED_UNSET);
    11921194    gnutls_srvconf_assign(ocsp_response_file);
    11931195    gnutls_srvconf_merge(ocsp_grace_time, MGS_TIMEOUT_UNSET);
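
Review bot: After `gnutls_srvconf_merge(ocsp_check_nonce, GNUTLS_ENABLED_UNSET);` the value can still be unset when neither configuration level sets the directive, and the lines shown here do not handle that case. Assuming the macro behaves for this field as it does for `ocsp_staple` on the line above, the code that consumes `ocsp_check_nonce` has to map the unset state to enabled explicitly rather than testing only for the disabled value or treating the field as a boolean. It would also be worth noting in the directive's documentation that the setting can differ between virtual hosts and the base server, since that decides where an administrator has to look to confirm nonce checking is still on.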