Changeset ef107fd in mod_gnutls


Ignore:
Timestamp:
Oct 29, 2016, 1:40:03 PM (6 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
asyncio, debian/master, debian/stretch-backports, main, master, proxy-ticket, upstream
Children:
444e6ed
Parents:
0a02378
Message:

Remove TODO for OCSP requests without nonces

Ideally all OCSP responders should support nonces. A new comment
describes how to implement disabling nonce verification if someone
needs to (could become an option similar to the one in mod_ssl).

File:
1 edited

Legend:

Unmodified
Added
Removed

  • src/gnutls_ocsp.c

    r0a02378 ref107fd  
    616616    {
    617617        gnutls_datum_t req;
     618        /* mod_ssl offers an option to enable/disable nonces for
     619         * broken responders. If needed at some point, we could do the
     620         * same by passing NULL instead of &nonce. */
    618621        int ret = mgs_create_ocsp_request(s, &req, &nonce);
    619622        if (ret == GNUTLS_E_SUCCESS)
     
    642645        }
    643646    }
    644 
    645     /* TODO: separate option to enable/disable nonce */
    646647
    647648    apr_time_t expiry;
Note: See TracChangeset for help on using the changeset viewer.