Changeset efc43b4 in mod_gnutls for src/gnutls_hooks.c

Timestamp:

Sep 25, 2018, 3:46:26 PM (4 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

asyncio, debian/master, master, proxy-ticket

Children:

cb6476c

Parents:

994200a

Message:

Split per-vhost post config for OCSP stapling into configuring and enabling

This is preparation for enabling stapling by default: Configuration
failure may be ignored if stapling is not explicitly enabled by the
user (at the cost of not stapling).

File:

• src/gnutls_hooks.c (modified) (2 diffs)

src/gnutls_hooks.c

@@ -659 +659 @@
             sc->client_verify_method = mgs_cvm_cartel;
         if (sc->ocsp_staple == GNUTLS_ENABLED_UNSET)
+            // TODO: Check result of mgs_ocsp_configure_stapling()
+            // below instead, staple if possible.
             sc->ocsp_staple = GNUTLS_ENABLED_FALSE;
 
@@ -665 +667 @@
         if (sc->enabled && sc->ocsp_staple)
         {
-            rv = mgs_ocsp_post_config_server(pconf, ptemp, s);
+            const char *err = mgs_ocsp_configure_stapling(pconf, ptemp, s);
+            if (err != NULL)
+            {
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, APR_EINVAL, s,
+                             "OCSP stapling configuration failed for "
+                             "host '%s:%d': %s",
+                             s->server_hostname, s->addrs->host_port, err);
+                return HTTP_INTERNAL_SERVER_ERROR;
+            }
+            rv = mgs_ocsp_enable_stapling(pconf, ptemp, s);
             if (rv != OK && rv != DECLINED)
                 return rv;