authorbeck <beck@openbsd.org>2017-11-29 16:55:08 +0000
committerbeck <beck@openbsd.org>2017-11-29 16:55:08 +0000
commit34538e77d08000dea9d2b297e58be7acd00022e4 (patch)
treeeae79dc5d3221a996df01cb11994684ee0b21cb0 /usr.sbin/httpd
parentfcntl(F_GETOWN) doesn't have an argument, so don't display it. While (diff)
Don't do OCSP stapling only if the staple file is 0 length.
This allows something external (like ocspcheck) to disable the stapling deliberately if it cannot retrieve a valid staple, by truncating the staple file to indicate "do not provide a staple", while the file not existing will still be treated as a configuration error. ok claudio@ florian@, and prompted by @jsing
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r--usr.sbin/httpd/httpd.conf.56
-rw-r--r--usr.sbin/httpd/server.c6
2 files changed, 6 insertions, 6 deletions
diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5
index ad53df8cc97..4c2e69d5fdb 100644
--- a/usr.sbin/httpd/httpd.conf.5
+++ b/usr.sbin/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.conf.5,v 1.86 2017/11/28 09:40:46 jmc Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.87 2017/11/29 16:55:08 beck Exp $
.\"
.\" Copyright (c) 2014, 2015 Reyk Floeter <reyk@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 28 2017 $
+.Dd $Mdocdate: November 29 2017 $
.Dt HTTPD.CONF 5
.Os
.Sh NAME
@@ -560,7 +560,7 @@ in use.
The default is to not use OCSP stapling.
If the OSCP response in
.Ar file
-is unparseable or empty, OCSP stapling will not be used.
+is empty, OCSP stapling will not be used.
.It Ic protocols Ar string
Specify the TLS protocols to enable for this server.
If not specified, the value
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c
index 39ebcd0da1d..2a505ace8de 100644
--- a/usr.sbin/httpd/server.c
+++ b/usr.sbin/httpd/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.112 2017/11/28 01:21:30 beck Exp $ */
+/* $OpenBSD: server.c,v 1.113 2017/11/29 16:55:08 beck Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -189,9 +189,9 @@ server_tls_load_ocsp(struct server *srv)
if ((srv->srv_conf.tls_ocsp_staple = tls_load_file(
srv->srv_conf.tls_ocsp_staple_file,
&srv->srv_conf.tls_ocsp_staple_len, NULL)) == NULL) {
- log_warnx("%s: Failed to load ocsp staple from %s - ignoring", __func__,
+ log_warnx("%s: Failed to load ocsp staple from %s", __func__,
srv->srv_conf.tls_ocsp_staple_file);
- return (0);
+ return (-1);
}
if (srv->srv_conf.tls_ocsp_staple_len == 0) {
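Review bot: The new `return (-1)` in the `tls_load_file()` failure branch turns a missing or unreadable staple file into a hard error, but the `log_warnx` message gives no reason, so an operator cannot tell a missing file from a permissions problem. If `tls_load_file()` leaves `errno` meaningful on failure (not visible in this hunk, so worth confirming), `log_warn("%s: Failed to load ocsp staple from %s", __func__, srv->srv_conf.tls_ocsp_staple_file);` would record the cause. A short comment above the call, such as `/* a missing or unreadable staple file is an error; a zero-length file means "do not staple" */`, would also pin the contract that external tools like ocspcheck now depend on. The body of server_tls_load_ocsp starts before this hunk and continues past it, so how the zero-length branch and the callers handle the return value cannot be checked from here.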