Hello,
I plan to add OCSP support to modssl (and also enhance CRL support - see
the end of the e-mail).
I have the code for the OCSP check, but I'd like to check the integration
with everybody, as I will give the code back to you - if you're
interested in it :-)
Here is what I currently plan:
1. Add a parameter "UseOCSP" in the config file
2. In function "ssl_callback_SSLVerify( )", replace the call to
   "ssl_callback_SSLVerify_CRL( )" by a call to a new function
   "ssl_callback_SSLVerify_Validity( )", with exactly the same parameters
3. In "ssl_callback_SSLVerify_Validity( )":
   - if the parameter "UseOCSP" is on, try an OCSP check
   - if the OCSP check failed because the certificate is revoked => return error
   - if the OCSP check succeeded => return ok ("ok" is an input parameter,
     don't know what it is exactly)
   - call "ssl_callback_SSLVerify_CRL( )" and return result
Do you see any problem with that?
Is somebody interested in testing that code, or even working on it?
After that step, I will also add CRL automatic download. I will describe
this in another e-mail.
Marc
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
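
The flow proposed in step 3 of the message above, modelled as an added C example that is not the poster's code or mod_ssl's: a revoked OCSP answer fails, a good one passes the incoming `ok` through without consulting the CRL, and any other outcome falls back to the CRL check. `verify_validity`, the `ocsp_status` enum and the function-pointer checks are hypothetical stand-ins; `ok` follows the OpenSSL verify-callback convention (1 = preceding checks passed, 0 = failed).

```c
#include <stdio.h>

/* Constructed model of an OCSP answer; not the OpenSSL OCSP API. */
typedef enum { OCSP_GOOD, OCSP_REVOKED, OCSP_UNAVAILABLE } ocsp_status;

typedef ocsp_status (*ocsp_fn)(const char *serial);
typedef int (*crl_fn)(int ok, const char *serial);

static int crl_calls; /* counts how often the CRL path was consulted */

/* Hypothetical stand-in for ssl_callback_SSLVerify_Validity(): takes the
 * incoming "ok" (1 = earlier checks passed, 0 = failed), returns the new one. */
int verify_validity(int use_ocsp, ocsp_fn ocsp, crl_fn crl,
                    int ok, const char *serial)
{
    if (use_ocsp) {
        switch (ocsp(serial)) {
        case OCSP_REVOKED:     return 0;   /* revoked => error */
        case OCSP_GOOD:        return ok;  /* pass "ok" through, skip the CRL */
        case OCSP_UNAVAILABLE: break;      /* no answer: fall back to the CRL */
        }
    }
    return crl(ok, serial);
}

/* Constructed sample checks standing in for a responder and a CRL store. */
ocsp_status ocsp_good(const char *s)    { (void)s; return OCSP_GOOD; }
ocsp_status ocsp_revoked(const char *s) { (void)s; return OCSP_REVOKED; }
ocsp_status ocsp_down(const char *s)    { (void)s; return OCSP_UNAVAILABLE; }
int crl_clean(int ok, const char *s)    { (void)s; crl_calls++; return ok; }
int crl_listed(int ok, const char *s)   { (void)ok; (void)s; crl_calls++; return 0; }

int main(void)
{
    const char *serial = "01"; /* constructed serial number */
    printf("OCSP good, CRL lists cert : %d\n",
           verify_validity(1, ocsp_good, crl_listed, 1, serial));
    printf("OCSP revoked              : %d\n",
           verify_validity(1, ocsp_revoked, crl_clean, 1, serial));
    printf("OCSP down, CRL lists cert : %d\n",
           verify_validity(1, ocsp_down, crl_listed, 1, serial));
    printf("UseOCSP off, CRL clean    : %d\n",
           verify_validity(0, ocsp_good, crl_clean, 1, serial));
    printf("CRL lookups performed     : %d\n", crl_calls);
    return 0;
}
```

The first case shows a consequence of the ordering: with a "good" OCSP answer the CRL is never read, so a certificate listed only in the local CRL is accepted.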
