[ https://issues.apache.org/jira/browse/TS-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14076713#comment-14076713 ]

James Peach commented on TS-2367:
---------------------------------
I think {{MAX_STAPLING_DER}} should be removed.

The DER copy in {{stapling_get_cached_response}} looks strange; can
{{d2i_OCSP_RESPONSE}} just use the DER response in the {{certinfo}} struct?

I don't know about the blocking {{select}} loop to hit the responders. We can
land the change with that, but would you be able to look into using the ATS
core HTTP APIs to fetch the responses?

{{proxy.config.ssl.stapling.update_period}} isn't really a check periodicity,
it's a sleep period between checks. To implement an update period, you could
{{schedule_every}}, using a lock to make sure that you don't get concurrent
updates. This also saves another background thread.

All functions that return 1 or 0 should be declared {{bool}}.

> Add OCSP (Online Certificate Status Protocol) Stapling Support
> ---------------------------------------------------------------
>
> Key: TS-2367
> URL: https://issues.apache.org/jira/browse/TS-2367
> Project: Traffic Server
> Issue Type: New Feature
> Components: HTTP, SSL
> Reporter: Bryan Call
> Assignee: Bryan Call
> Labels: review
> Fix For: 5.1.0
>
> Attachments: TS-2367.diff, TS-2367.diff
>
>
> RFC:
> http://tools.ietf.org/html/rfc6066
> Overview:
> https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
> http://en.wikipedia.org/wiki/OCSP_stapling
> There is support for this added into openssl 0.9.8g.