CERBERUS/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2026-06-26 20:01:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

OCSP stapling: OCSP_basic_verify() OCSP_TRUSTOTHER flag now used.

Browse source 
This is expected to simplify configuration in a common case when OCSP
response is signed by a certificate already present in ssl_certificate
chain.  This case won't need any extra trusted certificates.
This commit is contained in:
Maxim Dounin 2012-10-01 12:51:27 +00:00
parent 1a07a7f2de
commit 3ebbb7d521
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/event/ngx_event_openssl_stapling.c
View file

@ -588,7 +588,7 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
chain = staple->ssl_ctx->extra_certs;
#endif
if (OCSP_basic_verify(basic, chain, store, 0) != 1) {
if (OCSP_basic_verify(basic, chain, store, OCSP_TRUSTOTHER) != 1) {
ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
"OCSP_basic_verify() failed");
goto error;