39c7699ec0799d394d3f67145d4a12ed82f587b8 599385 |
|
29-Nov-2007 |
jorton |
mod_ssl: Add support for OCSP validation of client certificates:
* modules/ssl/ssl_engine_config.c (modssl_ctx_init,
modssl_ctx_cfg_merge): Initialize and merge OCSP config options.
(ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder,
ssl_cmd_SSLOCSPEnable): Add functions.
* modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured an the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org> |