authorJouni Malinen <jouni@qca.qualcomm.com>2015-12-22 17:34:36 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-22 17:42:07 (GMT)
commit5addb0df596d50c7b00f5b2acee4611124b60f89 (patch)
treed11e013e567146acb48be99b9919461f1ae9c3c8 /hostapd
parentbca0872dd5c72135827355c4be1f772cc9641a84 (diff)
Server configuration for OCSP stapling with ocsp_multi (RFC 6961)
This adds a new hostapd configuration parameter ocsp_stapling_response_multi that can be used similarly to the existing ocsp_stapling_response, but for the purpose of providing multiple cached OCSP responses. This commit adds only the configuration parameter, but does not yet add support for this mechanism with any of the supported TLS implementations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
2 files changed, 8 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index f2163b8..503d479 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2132,6 +2132,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
bss->ocsp_stapling_response = os_strdup(pos);
+ } else if (os_strcmp(buf, "ocsp_stapling_response_multi") == 0) {
+ os_free(bss->ocsp_stapling_response_multi);
+ bss->ocsp_stapling_response_multi = os_strdup(pos);
} else if (os_strcmp(buf, "dh_file") == 0) {
bss->dh_file = os_strdup(pos);
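Review bot: The result of `os_strdup(pos)` in the new `ocsp_stapling_response_multi` branch is not checked, so an allocation failure leaves the pointer NULL after the previous value has already been freed, and the server would start without the configured stapling data and without reporting an error. Consider failing the parse at that point, e.g. `if (!bss->ocsp_stapling_response_multi) return 1;`, assuming a non-zero return is how hostapd_config_fill reports a bad line (its body starts and ends outside this hunk). Since the commit message says no TLS implementation consumes this parameter yet, a comment on the branch such as `/* parsed only; not yet used by any TLS implementation */` would keep an operator from assuming multi-response stapling is active once the option is set.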
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 4f51140..ecd4328 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -795,6 +795,11 @@ eap_server=0
# -respout /tmp/ocsp-cache.der
+# Cached OCSP stapling response list (DER encoded OCSPResponseList)
+# This is similar to ocsp_stapling_response, but the extended version defined in
+# RFC 6961 to allow multiple OCSP responses to be provided.
# dh_file: File path to DH/DSA parameters file (in PEM format)
# This is an optional configuration file for setting parameters for an
# ephemeral DH key exchange. In most cases, the default RSA authentication does