]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 13a6b48) | patch
BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
authorEmeric Brun <ebrun@haproxy.com>
Fri, 20 Jun 2014 13:46:13 +0000 (15:46 +0200)
committerWilly Tarreau <w@1wt.eu>
Mon, 23 Jun 2014 10:14:47 +0000 (12:14 +0200)
commit4f3c87a5d942d4d0649c35805ff4e335970b87d4
treed07daabd75e39db46deb7dc46aff052e4baf906atree
parent13a6b48e241c0a50b501446992ab4fda2529f317commit | diff
BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.

For some browsers (firefox), an expired OCSP Response causes unwanted behavior.

Haproxy stops serving OCSP response if nextupdate date minus
the supported time skew (#define OCSP_MAX_RESPONSE_TIME_SKEW) is
in the past.
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git