https://issues.apache.org/bugzilla/show_bug.cgi?id=56233
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Hardware|PC |All Version|2.4-HEAD |2.5-HEAD Summary|OCSP nonce extension |Make OCSP nonce extension |included in request |for client certificate | |revocation checking | |configurable Severity|normal |enhancement --- Comment #3 from Kaspar Brand <[email protected]> --- (In reply to Tom Houston from comment #2) > This bug is to do with using mod_ssl with [RFC 2560] OCSP. Stapling is not > being used in this scenario, i.e. we have configured the SSLOCSPEnable, > SSLOCSPDefaultResponder and SSLOCSPOverrideResponder directives. Preference > would be to have a directive such as SSLOCSPIncludeNonce, for example. It's in the code which does OCSP checking when validating client certificates, yes. See also bug 41123 comment 42, where it is listed under "Further work". The code which fetches responses for stapling is completely separate from this (and will never include a nonce request extension). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
