[mod_gnutls-devel] Initial development for OCSP support

Benny Baumann BenBE at geshi.org
Mon Feb 17 08:44:15 CET 2014


Hi guys,

as some of you might have noticed in the IRC channel, I did some work on
implementing basic OCSP support in mod_gnutls the last few days, and
after some trouble I have the first working patches for it.

The patches are currently highly experimental as they eat memory,
kittens and your mom. DO NOT MERGE upstream. I'll do a rework of the
series once all the major issues have been resolved which will have much
cleaner patches than the current proof of concept.

But anyway, it would be nice if you could review and test the current
status of the patches, which can be found in my GitHub repo[1] or checked
out from [2] on branch stapling.

Please send me your feedback, comments, improvements. Patches in Git
Format preferred.

Short note on how to activate the new functions:
1. Set up a normal VHost with mod_gnutls as usual
2. Set GnuTLSUseStapling on
3. Make sure your certificate file contains at least your leaf (end user
certificate) as well as its issuer (in this order).

Debug output is logged to error.log on level debug as well as some more
critical messages as warnings.

Looking forward to hearing from you,
BenBE.

[1] https://github.com/BenBE/mod_gnutls/tree/stapling
[2] https://github.com/BenBE/mod_gnutls.git
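
A check for step 3 of the activation note above, as an added example that is not part of the original message or of mod_gnutls: it reads a PEM bundle and reports whether the first certificate is the leaf and the second is its issuer. It compares the raw DER issuer and subject Name bytes only and does not verify signatures; all function names are assumptions of this example.

```python
import base64, re, sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER bytes of the issuer and subject Name fields of one certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                         # explicit [0] version, absent in v1
        pos = end
    fields = []
    for i in range(5):                      # serial, sigAlg, issuer, validity, subject
        start = pos
        _, _, pos = read_tlv(der, pos)
        fields.append(der[start:pos])
    return fields[2], fields[4]

def check_chain_order(pem):
    """Step 3: the first certificate is the leaf, the second is its issuer."""
    certs = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem)]
    if len(certs) < 2:
        return "missing issuer: file holds fewer than two certificates"
    (leaf_issuer, leaf_subject), (second_issuer, second_subject) = certs[:2]
    if leaf_issuer == second_subject:
        return "ok"
    if second_issuer == leaf_subject:
        return "wrong order: issuer comes before the leaf"
    return "mismatch: second certificate is not the issuer of the first"

if __name__ == "__main__":
    # Usage: python check_chain.py /path/to/certificate-file.pem
    with open(sys.argv[1], "rb") as fh:
        print(check_chain_order(fh.read()))
```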
