OCSP support added


Fyi, I added support for certificate validation through OCSP, where the
OCSP server URI is contained in the certificate itself (following the
X.509 standard).
The patch is available on
http://issues.apache.org/bugzilla/show_bug.cgi?id=31383 (for 2.0.49, but
most of it is in separate files, thus it should be easy to add to 1.3).

The check is optional.
There is also a parameter to decide if the authentication fails or not
when the server cannot be reached.

The code allows conditional compilation (full code enclosed in #ifdef).

This was developed for the Belgian Government and has been distributed
publicly since January 2004. No bug has been reported since.

The code supports a proxy, although the option was not added in the config
file.
Another option in the config file could be to use a specified URI in case
it is not present in the certificate.

If you have any remarks about it, just send me an e-mail.

Marc Stern
CSC Computer Sciences Corporation Belgium
Security Solutions Group Manager / Network and System Architect
mobile: +32 (0)475 68 29 10 - Phone: +32 (0)2 714 74 91
e-mail: mstern [at] csc.com - fax: +32 (0)2 714 71 01
Hippokrateslaan,14 - B-1932 Sint-Stevens-Woluwe - Belgium



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
Marc Stern [ Fr, 24 September 2004 09:12 ] [ ID #147812 ]
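
As an added illustration (not part of the original message and not code from the patch), the sketch below shows the two ideas the message describes: reading the OCSP responder URI out of a certificate's AuthorityInfoAccess extension, and an optional check with a switch that decides whether an unreachable responder fails authentication. All function and parameter names are hypothetical, the extension bytes are constructed, and rejecting an "unknown" status is an assumption.

```python
# Added illustration, not code from the patch. All names are hypothetical.
OID_AD_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp, 1.3.6.1.5.5.7.48.1
OID_AD_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def ocsp_uris(aia_der):
    """OCSP responder URIs from a DER AuthorityInfoAccess extension value."""
    tag, seq, end = read_tlv(aia_der, 0)
    if tag != 0x30 or end != len(aia_der):
        raise ValueError("expected one SEQUENCE")
    uris, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)        # one AccessDescription
        if tag != 0x30:
            raise ValueError("expected AccessDescription")
        m_tag, method, nxt = read_tlv(desc, 0)     # accessMethod OID
        l_tag, location, _ = read_tlv(desc, nxt)   # accessLocation GeneralName
        if m_tag == 0x06 and method == OID_AD_OCSP and l_tag == 0x86:  # [6] = URI
            uris.append(location.decode("ascii"))
    return uris

def accept(enabled, fail_if_unreachable, status):
    """status: 'good', 'revoked', 'unknown', or None if no responder answered."""
    if not enabled:
        return True                        # the check is optional
    if status is None:
        return not fail_if_unreachable     # soft-fail vs hard-fail
    return status == "good"                # assumption: 'unknown' is rejected

def _tlv(tag, body):                       # builder for the constructed sample
    return bytes([tag, len(body)]) + body

SAMPLE_AIA = _tlv(0x30,                    # constructed sample, not a real certificate
    _tlv(0x30, _tlv(0x06, OID_AD_CA_ISSUERS) + _tlv(0x86, b"http://ca.example.test/ca.crt"))
    + _tlv(0x30, _tlv(0x06, OID_AD_OCSP) + _tlv(0x86, b"http://ocsp.example.test/")))
```

With the switch off, an outage at the responder lets a revoked certificate authenticate; with it on, the same outage blocks every client certificate.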