diff options
| author | Stefan Eissing <icing@apache.org> | 2021-04-13 11:12:00 +0000 |
|---|---|---|
| committer | Stefan Eissing <icing@apache.org> | 2021-04-13 11:12:00 +0000 |
| commit | db5aa786d86e1ef1105f9d9962b496130170bcf6 (patch) | |
| tree | 1d083d775c397b453c13c5f5be484d1a08ab774f /include/ap_mmn.h | |
| parent | 9e2ed5bb859577184b9dfba1e07ee3a55671532f (diff) | |
| download | httpd-db5aa786d86e1ef1105f9d9962b496130170bcf6.tar.gz | |
*) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This
allows modules to access and provide OCSP response data without being tied
of each other. The data is exchanged in standard, portable formats (PEM encoded
certificates and DER encoded responses), so that the actual SSL/crypto
implementations used by the modules are independant of each other.
Registration and retrieval happen in the context of a server (server_rec)
which modules may use to decide if they are configured for this or not.
The area of changes:
1. core: defines 2 functions in include/http_ssl.h, so that modules may
register a certificate, together with its issuer certificate for OCSP
response provisioning and ask for current response data (DER bytes) later.
Also, 2 hooks are defined that allow modules to implement this OCSP
provisioning.
2. mod_ssl uses the new functions, in addition to what it did already, to
register its certificates this way. If no one is interested in providing
OCSP, it falls back to its own (if configured) stapling implementation.
3. mod_md registers itself at the core hooks for OCSP provisioning. Depending
on configuration, it will accept registrations of its own certificates only,
all certficates or none.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888723 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include/ap_mmn.h')
| -rw-r--r-- | include/ap_mmn.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/ap_mmn.h b/include/ap_mmn.h index d1435ff9a7..c1a0c9c8d5 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -667,6 +667,8 @@ * 20201214.1 (2.5.1-dev) Add ap_ssl_conn_is_ssl()/ap_ssl_var_lookup() and hooks * 20201214.2 (2.5.1-dev) Add ap_ssl_add_cert_files, ap_ssl_add_fallback_cert_files * 20201214.3 (2.5.1-dev) Move ap_ssl_* into new http_ssl.h header file + * 20201214.4 (2.5.1-dev) Add `ap_bytes_t` to httpd.h. + * Add ap_ssl_ocsp* hooks and functions to http_ssl.h. */ #define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */ @@ -674,7 +676,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20201214 #endif -#define MODULE_MAGIC_NUMBER_MINOR 3 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 4 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a |