Changeset fa6d0bb in mod_gnutls

Timestamp:

Apr 20, 2018, 4:14:00 PM (3 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

debian/master, master, proxy-ticket

Children:

2246a84

Parents:

f233a23

Message:

Initialize OCSP stapling only if mod_gnutls is enabled for a virtual host

Initializing OCSP stapling fails if there is no suitable certificate
chain configured for a virtual host. Skipping initialization if
GnuTLSEnable is off for a virtual host allows setting the default for
GnuTLSOCSPStapling with a global directive.

File:

• src/gnutls_hooks.c (modified) (2 diffs)

src/gnutls_hooks.c

@@ -675 +675 @@
         }
 
-        if (sc->ocsp_staple == GNUTLS_ENABLED_UNSET)
-            sc->ocsp_staple = GNUTLS_ENABLED_FALSE;
-
-        sc->ocsp_mutex = sc_base->ocsp_mutex;
-        /* init OCSP configuration if OCSP is enabled for this host */
-        if (sc->ocsp_staple)
-        {
-            rv = mgs_ocsp_post_config_server(pconf, ptemp, s);
-            if (rv != OK && rv != DECLINED)
-                return rv;
-        }
-
         /* defaults for unset values: */
         if (sc->enabled == GNUTLS_ENABLED_UNSET)
@@ -698 +686 @@
         if (sc->client_verify_method == mgs_cvm_unset)
             sc->client_verify_method = mgs_cvm_cartel;
+        if (sc->ocsp_staple == GNUTLS_ENABLED_UNSET)
+            sc->ocsp_staple = GNUTLS_ENABLED_FALSE;
+
+        sc->ocsp_mutex = sc_base->ocsp_mutex;
+        /* init OCSP configuration if OCSP is enabled for this host */
+        if (sc->enabled && sc->ocsp_staple)
+        {
+            rv = mgs_ocsp_post_config_server(pconf, ptemp, s);
+            if (rv != OK && rv != DECLINED)
+                return rv;
+        }
 
         /* Check if the priorities have been set */