You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/09/23 11:39:07 UTC

DO NOT REPLY [Bug 31383] New: - OCSP support - PatchAvailable

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31383>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31383

OCSP support - PatchAvailable

           Summary: OCSP support - PatchAvailable
           Product: Apache httpd-2.0
           Version: 2.0.49
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mstern@csc.com


I added support for certificate validation through OCSP, where the OCSP server
URI is contained in the certificate itself (following the X.509 standard).

The check is optional.
There is also a parameter to decide if the authentication fails or not when the
server cannot be reached.

The code allows conditional compilation (full code enclosed in #ifdef).

This was developed for the Belgium Government and distributed publicly from may
2004. No bug has been reported since.

The code supports a proxy, although the option was not added in the config file
Another option in the config file could be to use a specified URI in case it is
not present in the certificate.
Another

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org