Hello!

On Thu, Apr 09, 2015 at 04:49:06PM +0000, Filipe DA SILVA wrote:

> Hi Maxim.
>
> Thanks for the return.
>
> I bet you are talking about this API:
> https://github.com/openssl/openssl/commit/0f78819c8ccb7c526edbe90d5b619281366ce75c

Yes.

> Should the compatibility with old OpenSSL versions before 1.0.2 remain?

For sure - we currently support OpenSSL 0.9.7 and newer. But we don't need to support multiple certs with versions before OpenSSL 1.0.2. Just an appropriate error if user tries to configure this would be enough.

(Just in case, there are two basic problems in older versions: no way to specify a chain for each certificate, and no way to find out the certificate used for a connection as needed for OCSP stapling).

> A good solution would be to keep directly a list of OCSP_CERTID
> in the stapling context.
> Instead of keeping reference to cert/issuer certificates.

I think we should attach stapling details to certificates.

--
Maxim Dounin
http://nginx.org/
