id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
812	Fetch OCSP responses on startup, and store across restarts	jsha@…		"Once TLS Feature (https://datatracker.ietf.org/doc/draft-hallambaker-tlsfeature/?include_text=1, formerly known as OCSP Must Staple) lands, CAs will be able to sign certs with a bit that says ""Do not trust this certificate unless it is accompanied by a stapled OCSP response."" For Nginx users to be able to use such certificates, they need to be able to serve stapled OCSP with high reliability and speed. That means two things:

 - Nginx should prefetch OCSP responses for all configured certificates on startup, and when the responses are nearing their NextUpdate time.
 - Nginx should store OCSP responses in long-term storage, to minimize the cost of startup fetching, and to ensure that if an OCSP responder is temporarily unreachable at startup time, it doesn't prevent correctly serving the relevant site."	enhancement	new	minor		nginx-core	1.9.x				"Linux membrane 3.19.0-30-generic #33-Ubuntu SMP Mon Sep 21 20:58:04 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
N/A"	1.9.6