[nginx] OCSP stapling: fixed ssl_stapling_file (ticket #769).
Maxim Dounin
mdounin at mdounin.ru
Tue Jul 7 14:06:28 UTC 2015
details: http://hg.nginx.org/nginx/rev/dcae651b2a0c
branches:
changeset: 6205:dcae651b2a0c
user: Maxim Dounin <mdounin at mdounin.ru>
date: Tue Jul 07 16:38:49 2015 +0300
description:
OCSP stapling: fixed ssl_stapling_file (ticket #769).
Broken by 6893a1007a7c (1.9.2) during introduction of strict OCSP response
validity checks. As stapling file is expected to be returned unconditionally,
fix is to set its validity to the maximum supported time.
Reported by Faidon Liambotis.
diffstat:
src/event/ngx_event_openssl_stapling.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diffs (11 lines):
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -245,6 +245,7 @@ ngx_ssl_stapling_file(ngx_conf_t *cf, ng
staple->staple.data = buf;
staple->staple.len = len;
+ staple->valid = NGX_MAX_TIME_T_VALUE;
return NGX_OK;
More information about the nginx-devel
mailing list