5848437fa171c593f777226306b146d02a09f70e - haproxy

commit	5848437fa171c593f777226306b146d02a09f70e	[log] [tgz]
author	Emeric Brun <ebrun@haproxy.com>	Fri Jun 20 15:46:13 2014 +0200
committer	Willy Tarreau <w@1wt.eu>	Mon Jun 23 15:53:12 2014 +0200
tree	43297de6cd35893732337286b148a2104165d102
parent	1135ea40b0ae5e5a98ee0cb9e13491664356adfc [diff]

BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.

For some browsers (firefox), an expired OCSP Response causes unwanted behavior.

Haproxy stops serving OCSP response if nextupdate date minus
the supported time skew (#define OCSP_MAX_RESPONSE_TIME_SKEW) is
in the past.
(cherry picked from commit 4f3c87a5d942d4d0649c35805ff4e335970b87d4)

src/ssl_sock.c[diff]

1 file changed

tree: 43297de6cd35893732337286b148a2104165d102

contrib/
doc/
ebtree/
examples/
include/
src/
tests/
.gitignore
CHANGELOG
LICENSE
Makefile
README
ROADMAP
SUBVERS
VERDATE
VERSION