You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2014/04/25 17:18:21 UTC
[jira] [Commented] (TS-2367) Add OCSP (Online Certificate Status
Protocol) Stapling Support
[ https://issues.apache.org/jira/browse/TS-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13981112#comment-13981112 ]
James Peach commented on TS-2367:
---------------------------------
Some quick comments on style:
- this is large enough to have a separate file, {{OCSPStapling.cc}}
- looks like you don't need {{HAVE_OPENSSL_OCSP_STAPLING}}, since it is always true
- can you remove {{MAX_STAPLING_DER}} and just allocate the size you need?
- {{struct certinfo}} doesn't need to be in a header, and should be called {{ocsp_stapling_info}}, or something. If it ends up being needed in the header, follow the naming conventions used there/
- the new settings need to be documented
- is there any was we can add regression tests for this?
> Add OCSP (Online Certificate Status Protocol) Stapling Support
> ---------------------------------------------------------------
>
> Key: TS-2367
> URL: https://issues.apache.org/jira/browse/TS-2367
> Project: Traffic Server
> Issue Type: New Feature
> Components: HTTP, SSL
> Reporter: Bryan Call
> Assignee: Bryan Call
> Labels: review
> Fix For: 5.0.0
>
> Attachments: TS-2367.diff
>
>
> RFC:
> http://tools.ietf.org/html/rfc6066
> Overview:
> https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
> http://en.wikipedia.org/wiki/OCSP_stapling
> There is support for this added into openssl 0.9.8g.
--
This message was sent by Atlassian JIRA
(v6.2#6252)