Opened 3 years ago

Closed 3 years ago

#940 closed defect (wontfix)

Consider porting OCSP stapling bugfix to 1.8

Reported by: wolfbeast@… Owned by:
Priority: critical Milestone:
Component: nginx-core Version: 1.8.x
Keywords: Cc:
uname -a:
nginx -V: 1.8.2

Description

In https://trac.nginx.org/nginx/changeset/6893a1007a7c7e91e0afeb9c537c5bcecf937faa/nginx issue #425 was fixed. this was 10 months ago and it looks like the next stable release is still miles away.

Please consider porting this fix from mainline to stable.

Change History (2)

comment:1 Changed 3 years ago by wolfbeast@…

nginx -V output:
nginx version: nginx/1.8.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

comment:2 Changed 3 years ago by mdounin

  • Resolution set to wontfix
  • Status changed from new to closed

The next stable branch is expected to appear in a couple of month.

There are no plans to merge this (and other required for it) changes to the 1.8.x stable branch, these changes are not critical (and at the same time not considered safe for stable). If you are seeing the problem as fixed by ticket #425 in real life - you probably don't need SSL stapling at all as it's not used anyway, consider switching it off.

Note: See TracTickets for help on using tickets.