[PATCH] OCSP stapling: better handling of successful OCSP responses.
Maxim Dounin
mdounin at mdounin.ru
Fri May 17 13:20:26 UTC 2013
Hello!
On Thu, May 16, 2013 at 04:10:33PM -0700, Piotr Sikora wrote:
> Erm, "hg export" patch attached, sorry about that.
>
> Best regards,
> Piotr Sikora
>
>
> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1368743844 25200
> # Node ID 4fb8fac2b2f58f8946c120a3da9743c4af8dd6ba
> # Parent cfab1e7e4ac2f0d17199ee1d49ac4647b63746d3
> OCSP stapling: better handling of successful OCSP responses.
>
> All successful OCSP responseses, regardless of the certificate status,
> should be cached and used for OCSP stapling.
Presenting a certificate and a non-good certificate status to a
user looks like "bees against honey" for me. I would rather not.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list