id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
769	nginx 1.9.2 breaks ssl_stapling_file	Faidon Liambotis	Maxim Dounin	"changeset 6181:6893a1007a7c  (""OCSP stapling: avoid sending expired responses (ticket #425)""), included in 1.9.2, broke stapling with ssl_stapling_file (= no OCSP response is being stapled, despite that configuration directive being present).

The problems seems to lie here:
1.24 -    if (staple->staple.len) {
1.25 +    if (staple->staple.len
1.26 +        && staple->valid >= ngx_time())
1.27 +    {
That's from ngx_ssl_certificate_status_callback().

However, staple->valid is only set by ngx_ssl_stapling_ocsp_handler(), which is clearly only called when online stapling is being used."	defect	closed	major		nginx-core	1.9.x	fixed				"nginx version: nginx/1.9.2
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled"