Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/10/27 13:41:31 UTC
svn commit: r1634521 - in /httpd/httpd/branches/2.4.x: ./ STATUS
docs/conf/extra/httpd-ssl.conf.in docs/manual/rewrite/advanced.xml
Author: jim
Date: Mon Oct 27 12:41:31 2014
New Revision: 1634521
URL: http://svn.apache.org/r1634521
Log:
Merge r1633730 from trunk:
add OCSP Stapling configuration, disabled by default
Submitted by: trawick
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/docs/conf/extra/httpd-ssl.conf.in
httpd/httpd/branches/2.4.x/docs/manual/rewrite/advanced.xml (props changed)
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1633730
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1634521&r1=1634520&r2=1634521&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Oct 27 12:41:31 2014
@@ -102,11 +102,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * default SSL configuration: provide sample OCSP Stapling configuration
- trunk patch: http://svn.apache.org/r1633730
- 2.4.x patch: http://people.apache.org/~trawick/2.4.x-sample-ocsp-stapling.txt
- +1: trawick, covener, gsmith
-
* mod_substitute: Fix memory limitation in case of regexp plus flatten.
trunk patch: http://svn.apache.org/r1628104
http://svn.apache.org/r1628918 (CHANGES)
Modified: httpd/httpd/branches/2.4.x/docs/conf/extra/httpd-ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/conf/extra/httpd-ssl.conf.in?rev=1634521&r1=1634520&r2=1634521&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/conf/extra/httpd-ssl.conf.in (original)
+++ httpd/httpd/branches/2.4.x/docs/conf/extra/httpd-ssl.conf.in Mon Oct 27 12:41:31 2014
@@ -73,6 +73,31 @@ SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:@exp_runtimedir@/ssl_scache(512000)"
SSLSessionCacheTimeout 300
+# OCSP Stapling (requires OpenSSL 0.9.8h or later)
+#
+# This feature is disabled by default and requires at least
+# the two directives SSLUseStapling and SSLStaplingCache.
+# Refer to the documentation on OCSP Stapling in the SSL/TLS
+# How-To for more information.
+#
+# Enable stapling for all SSL-enabled servers:
+#SSLUseStapling On
+
+# Define a relatively small cache for OCSP Stapling using
+# the same mechanism that is used for the SSL session cache
+# above. If stapling is used with more than a few certificates,
+# the size may need to be increased. (AH01929 will be logged.)
+#SSLStaplingCache "shmcb:@exp_runtimedir@/ssl_stapling(32768)"
+
+# Override the OCSP responder URL specified in the certificate
+#SSLStaplingForceURL http://ocsp.example.com/
+
+# Seconds before valid OCSP responses are expired from the cache
+#SSLStaplingStandardCacheTimeout 3600
+
+# Seconds before invalid OCSP responses are expired from the cache
+#SSLStaplingErrorCacheTimeout 600
+
##
## SSL Virtual Host Context
##
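Review bot: The parenthetical "(AH01929 will be logged.)" in the comment above SSLStaplingCache does not say what condition produces that message, so it can be read as something logged whenever the cache is enabled. If the intent is that it signals a cache that is too small, fold it into the preceding sentence, for example "the size may need to be increased if AH01929 is logged". Separately, the header says SSLUseStapling and SSLStaplingCache are both required, but the two commented-out directives sit in separate comment blocks; a short reminder next to "#SSLUseStapling On" to also uncomment SSLStaplingCache would keep an admin from enabling one without the other. Since these samples are placed above the "SSL Virtual Host Context" section, the SSLStaplingForceURL comment could also state that uncommenting it here overrides the responder URL for every certificate, not just one.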
Propchange: httpd/httpd/branches/2.4.x/docs/manual/rewrite/advanced.xml
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/rewrite/advanced.xml:r1633730