commit | 5848437fa171c593f777226306b146d02a09f70e | [log] [tgz] |
---|---|---|
author | Emeric Brun <ebrun@haproxy.com> | Fri Jun 20 15:46:13 2014 +0200 |
committer | Willy Tarreau <w@1wt.eu> | Mon Jun 23 15:53:12 2014 +0200 |
tree | 43297de6cd35893732337286b148a2104165d102 | |
parent | 1135ea40b0ae5e5a98ee0cb9e13491664356adfc [diff] |
BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses. For some browsers (firefox), an expired OCSP Response causes unwanted behavior. Haproxy stops serving OCSP response if nextupdate date minus the supported time skew (#define OCSP_MAX_RESPONSE_TIME_SKEW) is in the past. (cherry picked from commit 4f3c87a5d942d4d0649c35805ff4e335970b87d4)