Consider porting OCSP stapling bugfix to 1.8

[wolfbeast@…]

In https://trac.nginx.org/nginx/changeset/6893a1007a7c7e91e0afeb9c537c5bcecf937faa/nginx issue #425 was fixed. this was 10 months ago and it looks like the next stable release is still miles away.

Please consider porting this fix from mainline to stable.

[wolfbeast@…]

nginx -V output:
nginx version: nginx/1.8.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

[Maxim Dounin]

The next stable branch is expected to appear in a couple of month.

There are no plans to merge this (and other required for it) changes to the 1.8.x stable branch, these changes are not critical (and at the same time not considered safe for stable). If you are seeing the problem as fixed by ticket #425 in real life - you probably don't need SSL stapling at all as it's not used anyway, consider switching it off.