nginx proxy doesn't cache OCSP responses -

-

i want use nginx caching proxy in front of ocsp responder. 'an ocsp request using post method constructed follows: content-type header has value "application/ocsp-request" while body of message binary value of der encoding of ocsprequest.' (from rfc2560)

hence, configured nginx follows:

proxy_cache_path  /tmp/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m; server {         # make site accessible http://localhost/         server_name localhost;         location / {                 proxy_pass  http://213.154.225.237:80; #ocsp.cacert.org                 proxy_cache my-cache;                 proxy_cache_methods    post;                 proxy_cache_valid  200 302  60m;                 proxy_cache_valid  404      1m;                 proxy_cache_key        "$uri$request_body";                 expires off;                 proxy_set_header        host            $host;                 proxy_set_header        x-real-ip       $remote_addr;         } )

i can access ocsp responder through nginx , responses received expected - no issue. problem nginx doesn't cache responses. nonces not being sent part of request. using wireshark verified requests identical (on http layer). how configure nginx caches responses?

note, use following command testing:

openssl ocsp -issuer cacert.crt -no_nonce -cafile cabundle.crt -url http://localhost/ -serial <serial>

there lot more caching ocsp responses caching der made of. lightweight ocsp profile , make sure responder include necessary headers response.

i recommend use specially build ocsp proxy cache, there many out there. example axway's validation authority repeater choice.


Comments

Post a Comment

Popular posts from this blog

java - Jmockit String final length method mocking Issue -

-
using jmockit 1.2 jar, trying mock string's length method getting unexpected invocation exception: failed: test java.lang.illegalstateexception: missing invocation mocked type @ point; please make sure such invocations appear after declaration of suitable mock field or parameter @ stringdemo.testa$1.<init>(testa.java:17) @ stringdemo.testa.test(testa.java:13) i using testng: @test public void test() throws exception { new expectations() { @mocked("length") string astring; { astring.length(); result = 2; } }; system.out.println(a.showa("test")); } } actual class a: public class { public static int showa(string str){ int a= str.length(); return a; } } this wrong way of recording expected results. shouldn't mock , record string's length() method, record showa() instead. here solution @suppresswarnings("unused&qu
Read more

asp.net - Razor Page Hosted on IIS 6 Fails Every Morning -

-
i have simple page in intranet uses razor/asp fetch single record table , display it, plus few graphic, dashboard display. meaning, no user intervention other first time open ie internal url. the problem having every morning ie displays "page not found or network error" message. refresh page, , it's stuck , doesn't display anything. try different pc, open ie internal url , it's stuck... ...until following: login server hosting page run inetmgr go web sites, etc right click on page that's giving me problem , select browse at moment, error message: server error in '/' application. -------------------------------------------------------------------------------- type of page not served. description: type of page have requested not served because has been explicitly forbidden. extension '.cshtml' may incorrect. please review url below , make sure spelled correctly. requested url: /application/dashboard.cshtml ---------------
Read more

c++ - wxwidget compiling on windows command prompt -

-
can please guide me on method,as how compile wxwidget using windows command prompt or msys. [i can't seem find on wxwiki/wxwidget official book/anywhere else] i have compiled wxwidget instructions have provided (using msys). from searching on internet seems 1 can (maybe?) through use of makefile (is correct?) if yes: directory & how should link wx libraries in makefile if no: way besides makefile? i know can use ide's code::block , make life simpler prefer compile using command prompt/msys. thanks in advance.
Read more