Multiple Cert support ( Was: RE : [PATCH 1 of 6] SSL: refactoring of ngx_ssl_certificate method. )

Filipe DA SILVA fdasilva at ingima.com
Thu Apr 9 16:49:06 UTC 2015


Hi Maxim.

Thanks for the return.

I bet you are talking about this API: 
https://github.com/openssl/openssl/commit/0f78819c8ccb7c526edbe90d5b619281366ce75c

Should the compatibility with old OpenSSL versions before 1.0.2 remain ? 

A good solution would be to keep directly a list of OCSP_CERTID in the stapling context.
Instead of keeping reference to cert/issuer certificates.

Regards,
Filipe 

________________________________________

Hello!

On Thu, Apr 09, 2015 at 09:58:27AM +0000, Filipe DA SILVA wrote:

> Hi,
>
> This is the cleaned and up to date version of 'Multiple server
> certificate support ' patches.
>
> Reviews and comments are welcome.

The main problem of these patches, as originally submitted by
Eldar, is the approach used.  It is believed that appropriate
support for multiple certificates may be introduce only in recent
OpenSSL versions, and there is no need to maintain list of
certificates in these versions: it's already maintained by
OpenSSL.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel



More information about the nginx-devel mailing list