https://issues.apache.org/bugzilla/show_bug.cgi?id=56233
--- Comment #5 from Kaspar Brand <[email protected]> ---
(In reply to Yann Ylavic from comment #4)
> This patch (trunk/2.4.x/2.4.9) adds the new SSLOCSPUseQueryNonce directive
> to enable (default) or disable the nonce in OCSP queries.

Thanks for taking this up, Yann. You also need to wrap the OCSP_check_nonce
call with an "if (sc->server->ocsp_use_query_nonce != FALSE)" - from OpenSSL's
crypto/ocsp/ocsp_ext.c:

/* Check nonce validity in a request and response.
 * Return value reflects result:
 *  1: nonces present and equal.
 *  2: nonces both absent.
 *  3: nonce present in response only.
 *  0: nonces both present and not equal.
 * -1: nonce in request only.
 *
 * For most responders clients can check return > 0.
 * If responder doesn't handle nonces return != 0 may be
 * necessary. return == 0 is always an error.
 */
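Added example, not part of the original message and not mod_ssl or OpenSSL code: a self-contained model of the return codes quoted above, showing how a caller that accepts only return value 1 (an assumption about the caller) rejects every response once the query nonce is disabled, and how the suggested guard avoids that. The struct and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an OCSP message: only the optional nonce is kept. */
struct ocsp_msg {
    const unsigned char *nonce;   /* NULL when the nonce extension is absent */
    size_t len;
};

/* Returns the codes listed in the quoted OpenSSL comment. */
static int model_check_nonce(const struct ocsp_msg *req,
                             const struct ocsp_msg *resp)
{
    if (req->nonce && resp->nonce)
        return req->len == resp->len &&
               memcmp(req->nonce, resp->nonce, req->len) == 0;   /* 1 or 0 */
    if (!req->nonce && !resp->nonce)
        return 2;                                /* both absent */
    return resp->nonce ? 3 : -1;                 /* one side only */
}

/* Assumed strict caller: demands an echoed, matching nonce. */
static int nonce_ok_unguarded(const struct ocsp_msg *req,
                              const struct ocsp_msg *resp)
{
    return model_check_nonce(req, resp) == 1;
}

/* Same caller with the guard from the comment: compare only if we sent one. */
static int nonce_ok_guarded(int use_query_nonce, const struct ocsp_msg *req,
                            const struct ocsp_msg *resp)
{
    if (!use_query_nonce)
        return 1;                                /* nothing was sent to compare */
    return model_check_nonce(req, resp) == 1;
}

int main(void)
{
    static const unsigned char n[] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed */
    struct ocsp_msg with = { n, sizeof n }, without = { NULL, 0 };

    printf("nonce off, unguarded: %d\n", nonce_ok_unguarded(&without, &without));
    printf("nonce off, guarded:   %d\n", nonce_ok_guarded(0, &without, &without));
    printf("nonce on, not echoed: %d\n", nonce_ok_guarded(1, &with, &without));
    printf("nonce on, echoed:     %d\n", nonce_ok_guarded(1, &with, &with));
    return 0;
}
```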
