Changeset fa6d0bb in mod_gnutls


Ignore:
Timestamp:
Apr 20, 2018, 4:14:00 PM (3 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
2246a84
Parents:
f233a23
Message:

Initialize OCSP stapling only if mod_gnutls is enabled for a virtual host

Initializing OCSP stapling fails if there is no suitable certificate
chain configured for a virtual host. Skipping initialization if
GnuTLSEnable is off for a virtual host allows setting the default for
GnuTLSOCSPStapling with a global directive.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    rf233a23 rfa6d0bb  
    675675        }
    676676
    677         if (sc->ocsp_staple == GNUTLS_ENABLED_UNSET)
    678             sc->ocsp_staple = GNUTLS_ENABLED_FALSE;
    679 
    680         sc->ocsp_mutex = sc_base->ocsp_mutex;
    681         /* init OCSP configuration if OCSP is enabled for this host */
    682         if (sc->ocsp_staple)
    683         {
    684             rv = mgs_ocsp_post_config_server(pconf, ptemp, s);
    685             if (rv != OK && rv != DECLINED)
    686                 return rv;
    687         }
    688 
    689677        /* defaults for unset values: */
    690678        if (sc->enabled == GNUTLS_ENABLED_UNSET)
     
    698686        if (sc->client_verify_method == mgs_cvm_unset)
    699687            sc->client_verify_method = mgs_cvm_cartel;
     688        if (sc->ocsp_staple == GNUTLS_ENABLED_UNSET)
     689            sc->ocsp_staple = GNUTLS_ENABLED_FALSE;
     690
     691        sc->ocsp_mutex = sc_base->ocsp_mutex;
     692        /* init OCSP configuration if OCSP is enabled for this host */
     693        if (sc->enabled && sc->ocsp_staple)
     694        {
     695            rv = mgs_ocsp_post_config_server(pconf, ptemp, s);
     696            if (rv != OK && rv != DECLINED)
     697                return rv;
     698        }
    700699
    701700        /* Check if the priorities have been set */
Note: See TracChangeset for help on using the changeset viewer.