[ 
https://issues.apache.org/jira/browse/TS-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077099#comment-14077099
 ] 

Bryan Call edited comment on TS-2367 at 7/28/14 11:12 PM:
----------------------------------------------------------

After talking to [[email protected]] on the IRC:

1. Move sleep from stapling_update() to StaplingUpdateContinuation::mainEvent
sleep(SSLConfigParams::ssl_stapling_update_period);
2. Keep the updates in its own thread since they are blocking updates.
3. All functions that return 1 or 0 should be declared bool.
4. The DER copy in stapling_get_cached_response looks strange; can 
d2i_OCSP_RESPONSE just use the DER response in the certinfo struct?
5. Change configuration options with stapling to ocsp.  I think users would be 
able to understand what it does better.


was (Author: bcall):
After talking to [[email protected]] on the IRC:

1. Move sleep from stapling_update() to StaplingUpdateContinuation::mainEvent
sleep(SSLConfigParams::ssl_stapling_update_period);
2. Keep the updates in its own thread since they are blocking updates.
3. All functions that return 1 or 0 should be declared bool.
4. The DER copy in stapling_get_cached_response looks strange; can 
d2i_OCSP_RESPONSE just use the DER response in the certinfo struct?
5. Change configuration option with stapling to ocsp.  I think users would be 
able to understand what it does better.

> Add OCSP (Online Certificate Status Protocol) Stapling Support 
> ---------------------------------------------------------------
>
>                 Key: TS-2367
>                 URL: https://issues.apache.org/jira/browse/TS-2367
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: HTTP, SSL
>            Reporter: Bryan Call
>            Assignee: Bryan Call
>              Labels: review
>             Fix For: 5.1.0
>
>         Attachments: TS-2367.diff, TS-2367.diff
>
>
> RFC:
> http://tools.ietf.org/html/rfc6066
> Overview:
> https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
> http://en.wikipedia.org/wiki/OCSP_stapling
> There is support for this added into openssl 0.9.8g.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
