mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

OCSP stapling: OCSP_basic_verify() OCSP_TRUSTOTHER flag now used.

Browse Source 
This is expected to simplify configuration in a common case when OCSP
response is signed by a certificate already present in ssl_certificate
chain.  This case won't need any extra trusted certificates.
This commit is contained in:
Maxim Dounin 2012-10-01 12:51:27 +00:00
parent 1a07a7f2de
commit 3ebbb7d521
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/event/ngx_event_openssl_stapling.c
View File

@ -588,7 +588,7 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
chain = staple->ssl_ctx->extra_certs; chain = staple->ssl_ctx->extra_certs;
#endif #endif
if (OCSP_basic_verify(basic, chain, store, 0) != 1) { if (OCSP_basic_verify(basic, chain, store, OCSP_TRUSTOTHER) != 1) {
ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0, ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
"OCSP_basic_verify() failed"); "OCSP_basic_verify() failed");
goto error; goto error;