[PATCH 0 of 2] Support for OCSP stapling verification from upstream
alessandro at cloudflare.com
Fri Jan 22 17:37:47 UTC 2016
this patchset adds support for requesting and verifying OCSP stapled
responses from an HTTP upstream.
In order to avoid code duplication, the first patch refactors the existing
OCSP verification code so that it can be reused for this new functionality.
The diff is a bit messy, so please advise if there's a better way to
accomplish the same and make reviewing the patch easier.
The second patch actually adds the OCSP stapling verification via a new
Note that older OpenSSL versions (pre-1.0.2) had a bug  that caused
OCSP verification to fail for valid responses. I developed a work-around
so I could properly test my code, but it's a bit ugly so it's probably
best to not merge it. I can share it if anyone is interested though.
More information about the nginx-devel