Posted to dev@httpd.apache.org by Marc Stern <ma...@approach.be> on 2007/02/15 11:00:34 UTC

[Bug 41123] - Support of OCSP in mod_ssl

I performed all the requested modifications, but I still have some questions:

1. I used the connection pool for memory allocation: c->pool from
ssl_callback_SSLVerify_Validity(). Is that correct? I did not use any pool
cleanup, as this will be closed at the end of the connection.

2. I originally added the #ifdef NOOCSP in case somebody wants a version
that is not compiled with this code. Is this really needed?

3. I currently establish the HTTP connection to the OCSP server via
OpenSSL calls. These work very well in practice in several very big eGov
sites, but Joe Orton had some doubts about that.
Would it be better to use a sub request to the proxy_handler provided by
mod_proxy? This would be more efficient (because of connection pooling),
but would require mod_proxy to run OCSP checks. Is this acceptable?
Is there any documentation on how to send a sub request to the
proxy_handler?

 
*/Marc Stern/*