*) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This | |
allows modules to access and provide OCSP response data without being tied | |
of each other. The data is exchanged in standard, portable formats (PEM encoded | |
certificates and DER encoded responses), so that the actual SSL/crypto | |
implementations used by the modules are independant of each other. | |
Registration and retrieval happen in the context of a server (server_rec) | |
which modules may use to decide if they are configured for this or not. | |
The area of changes: | |
1. core: defines 2 functions in include/http_ssl.h, so that modules may | |
register a certificate, together with its issuer certificate for OCSP | |
response provisioning and ask for current response data (DER bytes) later. | |
Also, 2 hooks are defined that allow modules to implement this OCSP | |
provisioning. | |
2. mod_ssl uses the new functions, in addition to what it did already, to | |
register its certificates this way. If no one is interested in providing | |
OCSP, it falls back to its own (if configured) stapling implementation. | |
3. mod_md registers itself at the core hooks for OCSP provisioning. Depending | |
on configuration, it will accept registrations of its own certificates only, | |
all certficates or none. | |
[Stefan Eissing] |