Opened 4 years ago

Closed 4 years ago

#940 closed defect (wontfix)

Consider porting OCSP stapling bugfix to 1.8

Reported by: wolfbeast@… Owned by:
Priority: critical Milestone:
Component: nginx-core Version: 1.8.x
Keywords: Cc:
uname -a:
nginx -V: 1.8.2

Description

In https://trac.nginx.org/nginx/changeset/6893a1007a7c7e91e0afeb9c537c5bcecf937faa/nginx issue #425 was fixed. this was 10 months ago and it looks like the next stable release is still miles away.

Please consider porting this fix from mainline to stable.

Change History (2)

comment:1 by wolfbeast@…, 4 years ago

nginx -V output:
nginx version: nginx/1.8.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

comment:2 by Maxim Dounin, 4 years ago

Resolution: wontfix
Status: newclosed

The next stable branch is expected to appear in a couple of month.

There are no plans to merge this (and other required for it) changes to the 1.8.x stable branch, these changes are not critical (and at the same time not considered safe for stable). If you are seeing the problem as fixed by ticket #425 in real life - you probably don't need SSL stapling at all as it's not used anyway, consider switching it off.

Note: See TracTickets for help on using tickets.