Changeset f1147b6 in mod_gnutls


Ignore:
Timestamp:
Jun 18, 2016, 5:21:07 PM (7 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
asyncio, debian/master, debian/stretch-backports, main, master, proxy-ticket, upstream
Children:
3725f2d
Parents:
ef06c74
Message:

OCSP post config: Ensure OCSP URI or response file are set

If the certificate does not contain an OCSP URI and the vhost is not
using a response file mod_gnutls has no way to acquire a response. In
that case post config fails if stapling is enabled.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • src/gnutls_ocsp.c

    ref06c74 rf1147b6  
    875875    sc->ocsp->uri = mgs_cert_get_ocsp_uri(pconf,
    876876                                          sc->certs_x509_crt_chain[0]);
     877    if (sc->ocsp->uri == NULL && sc->ocsp_response_file == NULL)
     878    {
     879        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
     880                     "OCSP stapling is enabled for for %s:%d, but there is "
     881                     "neither an OCSP URI in the certificate nor a "
     882                     "GnuTLSOCSPResponseFile setting for this host!",
     883                     server->server_hostname, server->addrs->host_port);
     884        return HTTP_NOT_FOUND;
     885    }
    877886
    878887    sc->ocsp->trust = apr_palloc(pconf,
Note: See TracChangeset for help on using the changeset viewer.