changeset 9470:0844ed63b6bd
SSL: disabled using certificate compression with OCSP stapling.
OCSP response in TLSv1.3 is sent in the Certificate message. This
is incompatible with pre-compression of the configured certificates.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 02 Oct 2025 15:22:24 +0400 |
| parents | 46b715093fe3 |
| children | c3be84605871 |
| files | src/http/modules/ngx_http_ssl_module.c src/stream/ngx_stream_ssl_module.c |
| diffstat | 2 files changed, 14 insertions(+), 2 deletions(-) [+] |
--- a/src/http/modules/ngx_http_ssl_module.c Tue Oct 07 22:21:37 2025 +0400 +++ b/src/http/modules/ngx_http_ssl_module.c Thu Oct 02 15:22:24 2025 +0400 @@ -910,13 +910,19 @@ if (conf->stapling) { + if (conf->certificate_compression) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "\"ssl_stapling\" is incompatible with " + "\"ssl_certificate_compression\""); + return NGX_CONF_ERROR; + } + if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file, &conf->stapling_responder, conf->stapling_verify) != NGX_OK) { return NGX_CONF_ERROR; } - } if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) {
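Review bot: The reason for rejecting `ssl_stapling` together with `ssl_certificate_compression` is recorded only in the commit message, so the new `if (conf->certificate_compression)` branch reads as an arbitrary restriction; a short comment above it would keep the rationale with the code, e.g. `/* in TLSv1.3 the OCSP response is sent in the Certificate message, which is incompatible with pre-compressed certificates */`. The error is also logged without any indication of which server block triggered it, and since the test appears to run on merged values, a compression setting inherited from an outer level would fail the whole configuration load for a server that only enables stapling; naming the server or configuration location in the message would help, if this configuration struct records one. The same applies to the identical check in src/stream/ngx_stream_ssl_module.c. The enclosing function starts and ends outside the hunk.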
--- a/src/stream/ngx_stream_ssl_module.c Tue Oct 07 22:21:37 2025 +0400 +++ b/src/stream/ngx_stream_ssl_module.c Thu Oct 02 15:22:24 2025 +0400 @@ -1155,13 +1155,19 @@ if (conf->stapling) { + if (conf->certificate_compression) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "\"ssl_stapling\" is incompatible with " + "\"ssl_certificate_compression\""); + return NGX_CONF_ERROR; + } + if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file, &conf->stapling_responder, conf->stapling_verify) != NGX_OK) { return NGX_CONF_ERROR; } - } if (ngx_ssl_conf_commands(cf, &conf->ssl, conf->conf_commands) != NGX_OK) {
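Review bot: This guard is a verbatim copy of the one in src/http/modules/ngx_http_ssl_module.c, down to the message text, and nothing ties the two together, so a later change to the condition or the wording can land in one module and miss the other. A one-line cross-reference above the check, such as `/* same check as in ngx_http_ssl_module.c; keep both in sync */`, would make that dependency visible. The enclosing function starts and ends outside the hunk.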
