From 573810ce3668fdb21c2234f12bc05460dcc6810a Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Tue, 7 Jul 2015 16:38:49 +0300 Subject: [PATCH] OCSP stapling: fixed ssl_stapling_file (ticket #769). Broken by 6893a1007a7c (1.9.2) during introduction of strict OCSP response validity checks. As stapling file is expected to be returned unconditionally, fix is to set its validity to the maximum supported time. Reported by Faidon Liambotis. --- src/event/ngx_event_openssl_stapling.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c index 03ff54043..60051ad47 100644 --- a/src/event/ngx_event_openssl_stapling.c +++ b/src/event/ngx_event_openssl_stapling.c @@ -245,6 +245,7 @@ ngx_ssl_stapling_file(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) staple->staple.data = buf; staple->staple.len = len; + staple->valid = NGX_MAX_TIME_T_VALUE; return NGX_OK;