Lines 129-134
|
129 |
mctx->ocsp_enabled = FALSE; |
129 |
mctx->ocsp_enabled = FALSE; |
130 |
mctx->ocsp_force_default = FALSE; |
130 |
mctx->ocsp_force_default = FALSE; |
131 |
mctx->ocsp_responder = NULL; |
131 |
mctx->ocsp_responder = NULL; |
|
|
132 |
|
133 |
#ifdef HAVE_OCSP_STAPLING |
134 |
mctx->useStapling = FALSE; |
135 |
mctx->StaplingResponseTimeSkew = 60 * 5; |
136 |
mctx->StaplingResponseMaxAge = -1; |
137 |
mctx->StaplingStandardCacheTimeout = 3600; |
138 |
mctx->StaplingReturnResponderErrors = TRUE; |
139 |
mctx->StaplingFakeTryLater = TRUE; |
140 |
mctx->StaplingErrorCacheTimeout = 600; |
141 |
mctx->StaplingResponderTimeout = 10; |
142 |
mctx->StaplingForceURL = NULL; |
143 |
#endif |
132 |
} |
144 |
} |
133 |
|
145 |
|
134 |
static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, |
146 |
static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, |
Lines 222-227
|
222 |
cfgMergeBool(ocsp_enabled); |
234 |
cfgMergeBool(ocsp_enabled); |
223 |
cfgMergeBool(ocsp_force_default); |
235 |
cfgMergeBool(ocsp_force_default); |
224 |
cfgMerge(ocsp_responder, NULL); |
236 |
cfgMerge(ocsp_responder, NULL); |
|
|
237 |
#ifdef HAVE_OCSP_STAPLING |
238 |
cfgMerge(useStapling, FALSE); |
239 |
cfgMergeInt(StaplingResponseTimeSkew); |
240 |
cfgMergeInt(StaplingResponseMaxAge); |
241 |
cfgMergeInt(StaplingStandardCacheTimeout); |
242 |
cfgMergeBool(StaplingReturnResponderErrors); |
243 |
cfgMergeBool(StaplingFakeTryLater); |
244 |
cfgMergeInt(StaplingErrorCacheTimeout); |
245 |
cfgMergeInt(StaplingResponderTimeout); |
246 |
cfgMerge(StaplingForceURL, NULL); |
247 |
#endif |
225 |
} |
248 |
} |
226 |
|
249 |
|
227 |
static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base, |
250 |
static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base, |
Lines 1408-1413
|
1408 |
return NULL; |
1431 |
return NULL; |
1409 |
} |
1432 |
} |
1410 |
|
1433 |
|
|
|
1434 |
#ifdef HAVE_OCSP_STAPLING |
1435 |
const char *ssl_cmd_SSLUseStapling(cmd_parms *cmd, void *dcfg, int flag) |
1436 |
{ |
1437 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1438 |
sc->server->useStapling = flag ? TRUE : FALSE; |
1439 |
return NULL; |
1440 |
} |
1441 |
|
1442 |
const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *cmd, void *dcfg, |
1443 |
const char *arg) |
1444 |
{ |
1445 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1446 |
sc->server->StaplingResponseTimeSkew = atoi(arg); |
1447 |
if (sc->server->StaplingResponseTimeSkew < 0) { |
1448 |
return "SSLStaplingResponseTimeSkew: invalid argument"; |
1449 |
} |
1450 |
return NULL; |
1451 |
} |
1452 |
|
1453 |
const char *ssl_cmd_SSLStaplingResponseMaxAge(cmd_parms *cmd, void *dcfg, |
1454 |
const char *arg) |
1455 |
{ |
1456 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1457 |
sc->server->StaplingResponseMaxAge = atoi(arg); |
1458 |
if (sc->server->StaplingResponseMaxAge < 0) { |
1459 |
return "SSLStaplingResponseMaxAge: invalid argument"; |
1460 |
} |
1461 |
return NULL; |
1462 |
} |
1463 |
|
1464 |
const char *ssl_cmd_SSLStaplingStandardCacheTimeout(cmd_parms *cmd, void *dcfg, |
1465 |
const char *arg) |
1466 |
{ |
1467 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1468 |
sc->server->StaplingStandardCacheTimeout = atoi(arg); |
1469 |
if (sc->server->StaplingStandardCacheTimeout < 0) { |
1470 |
return "SSLStaplingStandardCacheTimeout: invalid argument"; |
1471 |
} |
1472 |
return NULL; |
1473 |
} |
1474 |
|
1475 |
const char *ssl_cmd_SSLStaplingErrorCacheTimeout(cmd_parms *cmd, void *dcfg, |
1476 |
const char *arg) |
1477 |
{ |
1478 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1479 |
sc->server->StaplingErrorCacheTimeout = atoi(arg); |
1480 |
if (sc->server->StaplingErrorCacheTimeout < 0) { |
1481 |
return "SSLStaplingErrorCacheTimeout: invalid argument"; |
1482 |
} |
1483 |
return NULL; |
1484 |
} |
1485 |
|
1486 |
const char *ssl_cmd_SSLStaplingReturnResponderErrors(cmd_parms *cmd, |
1487 |
void *dcfg, int flag) |
1488 |
{ |
1489 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1490 |
sc->server->StaplingReturnResponderErrors = flag ? TRUE : FALSE; |
1491 |
return NULL; |
1492 |
} |
1493 |
|
1494 |
const char *ssl_cmd_SSLStaplingFakeTryLater(cmd_parms *cmd, |
1495 |
void *dcfg, int flag) |
1496 |
{ |
1497 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1498 |
sc->server->StaplingFakeTryLater = flag ? TRUE : FALSE; |
1499 |
return NULL; |
1500 |
} |
1501 |
|
1502 |
const char *ssl_cmd_SSLStaplingResponderTimeout(cmd_parms *cmd, void *dcfg, |
1503 |
const char *arg) |
1504 |
{ |
1505 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1506 |
sc->server->StaplingResponderTimeout = atoi(arg); |
1507 |
if (sc->server->StaplingResponderTimeout < 0) { |
1508 |
return "SSLStaplingResponderTimeout: invalid argument"; |
1509 |
} |
1510 |
return NULL; |
1511 |
} |
1512 |
|
1513 |
const char *ssl_cmd_SSLStaplingForceURL(cmd_parms *cmd, void *dcfg, |
1514 |
const char *arg) |
1515 |
{ |
1516 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1517 |
sc->server->StaplingForceURL = arg; |
1518 |
return NULL; |
1519 |
} |
1520 |
|
1521 |
#endif |
1522 |
|
1523 |
|
1524 |
|
1411 |
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) |
1525 |
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) |
1412 |
{ |
1526 |
{ |
1413 |
if (!ap_exists_config_define("DUMP_CERTS")) { |
1527 |
if (!ap_exists_config_define("DUMP_CERTS")) { |
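Review bot: The five integer directive handlers added in the third hunk (SSLStaplingResponseTimeSkew, SSLStaplingResponseMaxAge, SSLStaplingStandardCacheTimeout, SSLStaplingErrorCacheTimeout, SSLStaplingResponderTimeout) parse with `atoi(arg)` and reject only negative results, so a non-numeric or partly numeric value is silently stored as 0 or a truncated number, and an out-of-range value has undefined behaviour. For response-freshness and responder-timeout settings this means a typo is accepted at startup instead of being reported, and the field is already overwritten before the check runs. Parse with `strtol`, require the whole string to be consumed, range-check, and assign only after validation; the fence shows one handler and the other four follow the same pattern (it assumes the fields are `int`, which the page does not show). Separately, the first hunk defaults StaplingResponseMaxAge to -1 while its handler rejects negative input, so that default cannot be written explicitly in a configuration file.

```c
const char *ssl_cmd_SSLStaplingResponderTimeout(cmd_parms *cmd, void *dcfg,
                                                const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end;
    long val;

    errno = 0;
    val = strtol(arg, &end, 10);
    /* Reject empty input, trailing garbage, overflow and negative values. */
    if (end == arg || *end != '\0' || errno == ERANGE
        || val < 0 || val > INT_MAX) {
        return "SSLStaplingResponderTimeout: invalid argument";
    }
    /* Store only a validated value. */
    sc->server->StaplingResponderTimeout = (int)val;
    return NULL;
}
/* … same pattern for the TimeSkew, MaxAge, StandardCacheTimeout and ErrorCacheTimeout handlers … */
```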