Hello Steve, dear list, inspired by https://issues.apache.org/bugzilla/show_bug.cgi?id=43822 (OCSP stapling support for mod_ssl) I dare asking, if this patch might solve a requirement we face at the moment:
We do client authentication with certificates in Apache/mod_ssl (working as SSL-reverse-proxy) and we do require validation via OCSP. In order to avoid thousands of OCSP requests within short time, the system must provide an OCSP request cache, i.e. the situation is a little different from what the stapling patch is intended to do - but if we see Apache itself as a "client", it would be fitting. On basis of Apache 2.3 (for all the OCSP handling...) we have done some customizations already (thanks for your help on openssl-users!), so including the stapling patch would be welcome. I was wondering, if you had any ideas regarding this question that could help us? I'll look at the code now and try to apply the patch. Any thoughts and help welcome. Thanks in advance! Mit freundlichen Grüßen / Kind regards Natanael Mignon IT - beraten | planen | umsetzen | betreiben __________________________________________________________________________ michael-wessel.de Informationstechnologie GmbH Krausenstraße 50 30171 Hannover Germany fon (+49) 511 260 911-0 (DW -13) fax (+49) 511 318 039-9 eMail n...@michael-wessel.de web www.michael-wessel.de Geschäftsführer: Michael Wessel Dipl. Phys. Amtsgericht Hannover HR B 59031 Alle Produktnamen und Firmennamen sind ggfs. eingetragene Warenzeichen und/oder Markennamen der jeweiligen Hersteller. Angebote freibleibend, Irrtümer und Druckfehler vorbehalten. Lieferung vorbehaltlich ausreichender Selbstbelieferung. © 2009 michael-wessel.de
