mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SSL: disabled using certificate compression with OCSP stapling. 

OCSP response in TLSv1.3 is sent in the Certificate message.  This
is incompatible with pre-compression of the configured certificates.
This commit is contained in:
Sergey Kandaurov 2025-10-02 15:22:24 +04:00 committed by pluknet
parent f5a989cda2
commit 25b03d6500
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/http/modules/ngx_http_ssl_module.c
View File

@ -910,13 +910,19 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->stapling) {
if (conf->certificate_compression) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"\"ssl_stapling\" is incompatible with "
"\"ssl_certificate_compression\"");
return NGX_CONF_ERROR;
}
if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
&conf->stapling_responder, conf->stapling_verify)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
}
if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) {

8
src/stream/ngx_stream_ssl_module.c
View File

@ -1155,13 +1155,19 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->stapling) {
if (conf->certificate_compression) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"\"ssl_stapling\" is incompatible with "
"\"ssl_certificate_compression\"");
return NGX_CONF_ERROR;
}
if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
&conf->stapling_responder, conf->stapling_verify)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
}
if (ngx_ssl_conf_commands(cf, &conf->ssl, conf->conf_commands) != NGX_OK) {