| *) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This | |
| allows modules to access and provide OCSP response data without being tied | |
| of each other. The data is exchanged in standard, portable formats (PEM encoded | |
| certificates and DER encoded responses), so that the actual SSL/crypto | |
| implementations used by the modules are independant of each other. | |
| Registration and retrieval happen in the context of a server (server_rec) | |
| which modules may use to decide if they are configured for this or not. | |
| The area of changes: | |
| 1. core: defines 2 functions in include/http_ssl.h, so that modules may | |
| register a certificate, together with its issuer certificate for OCSP | |
| response provisioning and ask for current response data (DER bytes) later. | |
| Also, 2 hooks are defined that allow modules to implement this OCSP | |
| provisioning. | |
| 2. mod_ssl uses the new functions, in addition to what it did already, to | |
| register its certificates this way. If no one is interested in providing | |
| OCSP, it falls back to its own (if configured) stapling implementation. | |
| 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending | |
| on configuration, it will accept registrations of its own certificates only, | |
| all certficates or none. | |
| [Stefan Eissing] |