author Viktor Dukhovni <openssl-users@dukhovni.org> 2018-03-05 15:18:04 -0500
committer Viktor Dukhovni <openssl-users@dukhovni.org> 2018-03-07 11:03:43 -0500
commit 3e3c7c3646878fbbef07865aca007e112cf0fc26
tree 9db28b6c140ecae0ad0f44cb3e87a7db9233ce10 /CHANGES
parent c7d5ea2670c2f2ce855b099a14ca2c218661ad3f
Implement multi-process OCSP responder.
With "-multi" the OCSP responder forks multiple child processes, and respawns them as needed. This can be used as a long-running service, not just a demo program. Therefore the index file is automatically re-read when changed. The responder also now optionally times out client requests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 14
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 5e5abb9693..dcbe2916c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,20 @@
Changes between 1.1.0g and 1.1.1 [xx XXX xxxx]
+ *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running
+ in responder mode now supports the new "-multi" option, which
+ spawns the specified number of child processes to handle OCSP
+ requests. The "-timeout" option now also limits the OCSP
+ responder's patience to wait to receive the full client request
+ on a newly accepted connection. Child processes are respawned
+ as needed, and the CA index file is automatically reloaded
+ when changed. This makes it possible to run the "ocsp" responder
+ as a long-running service, making the OpenSSL CA somewhat more
+ feature-complete. In this mode, most diagnostic messages logged
+ after entering the event loop are logged via syslog(3) rather than
+ written to stderr.
+ [Viktor Dukhovni]
+
*) Added support for X448 and Ed448. Heavily based on original work by
Mike Hamburg.
[Matt Caswell]
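Review bot: "In this mode" in the syslog(3) sentence has no clear antecedent. The entry talks about responder mode, the "-multi" option, and running as a long-running service, so a reader cannot tell whether diagnostics leave stderr only when "-multi" is given or for every responder. Suggest naming the option directly, for example: With "-multi", most diagnostic messages logged after entering the event loop are logged via syslog(3). Operators who capture stderr need this to know when to look in syslog instead. The "-timeout" sentence has a similar scoping gap: the entry opens with "On POSIX (BSD, Linux, ...) systems", and it is not stated whether the new limit on receiving the full client request applies only there or on all platforms.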