nginx proxy doesn't cache OCSP responses -

-

i want use nginx caching proxy in front of ocsp responder. 'an ocsp request using post method constructed follows: content-type header has value "application/ocsp-request" while body of message binary value of der encoding of ocsprequest.' (from rfc2560)

hence, configured nginx follows:

proxy_cache_path  /tmp/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m; server {         # make site accessible http://localhost/         server_name localhost;         location / {                 proxy_pass  http://213.154.225.237:80; #ocsp.cacert.org                 proxy_cache my-cache;                 proxy_cache_methods    post;                 proxy_cache_valid  200 302  60m;                 proxy_cache_valid  404      1m;                 proxy_cache_key        "$uri$request_body";                 expires off;                 proxy_set_header        host            $host;                 proxy_set_header        x-real-ip       $remote_addr;         } )

i can access ocsp responder through nginx , responses received expected - no issue. problem nginx doesn't cache responses. nonces not being sent part of request. using wireshark verified requests identical (on http layer). how configure nginx caches responses?

note, use following command testing:

openssl ocsp -issuer cacert.crt -no_nonce -cafile cabundle.crt -url http://localhost/ -serial <serial>

there lot more caching ocsp responses caching der made of. lightweight ocsp profile , make sure responder include necessary headers response.

i recommend use specially build ocsp proxy cache, there many out there. example axway's validation authority repeater choice.


Comments

Post a Comment

Popular posts from this blog

java - Jmockit String final length method mocking Issue -

-
using jmockit 1.2 jar, trying mock string's length method getting unexpected invocation exception: failed: test java.lang.illegalstateexception: missing invocation mocked type @ point; please make sure such invocations appear after declaration of suitable mock field or parameter @ stringdemo.testa$1.<init>(testa.java:17) @ stringdemo.testa.test(testa.java:13) i using testng: @test public void test() throws exception { new expectations() { @mocked("length") string astring; { astring.length(); result = 2; } }; system.out.println(a.showa("test")); } } actual class a: public class { public static int showa(string str){ int a= str.length(); return a; } } this wrong way of recording expected results. shouldn't mock , record string's length() method, record showa() instead. here solution @suppresswarnings("unused...
Read more

What is the difference between data design and data model(ERD) -

-
i have google question , find answer in day. know, data design many many table have list column,and mark pk , fk. why er-diagram have find this? data design process of designing database. main output of data design detailed logical data model of database. some people data design includes of needed logical , physical design choices , physical storage parameters needed generate design in data definition language. technically, database analysis, database analysts (dbas) trained do. while person can both data design , database analysis, these 2 different tasks. data design models data. database analysis takes model , applies 1 or more database engines (relational, hierarchical, nosql). a logical data model 1 of main outputs of data design. data model represented entity relationship diagram, or er diagram.
Read more

ios - Can NSManagedObject conform to NSCoding -

-
i need transfer single object across device. right converting nsmanagedobject dictionary , archiving , sending nsdata. upon receiving unarchiving it. transfer nsmanagedobject archiving , unarchiving instead of creating intermediate data object. @interface test : nsmanagedobject<nscoding> @property (nonatomic, retain) nsstring * title; @end @implementation test @dynamic title; - (id)initwithcoder:(nscoder *)coder { self = [super init]; if (self) { self.title = [coder decodeobjectforkey:@"title"]; //<crash } return self; } - (void)encodewithcoder:(nscoder *)coder { [coder encodeobject:self.title forkey:@"title"]; } @end nsdata *archivedobjects = [nskeyedarchiver archiveddatawithrootobject:testobj]; nsdata *objectsdata = archivedobjects; if ([objectsdata length] > 0) { nsarray *objects = [nskeyedunarchiver unarchiveobjectwithdata:objectsdata]; } the problem above code is. crashes @ self.title in initwithcoder sa...
Read more