mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
550c2638c0
Do not enable ClientHello parser for async SNI/OCSP. Use new OpenSSL-1.0.2's API `SSL_set_cert_cb` to pause the handshake process and load the cert/OCSP response asynchronously. Hopefuly this will make whole async SNI/OCSP process much faster and will eventually let us remove the ClientHello parser itself (which is currently used only for async session, see #1462 for the discussion of removing it). NOTE: Ported our code to `SSL_CTX_add1_chain_cert` to use `SSL_CTX_get0_chain_certs` in `CertCbDone`. Test provided for this feature. Fix: https://github.com/iojs/io.js/issues/1423 PR-URL: https://github.com/iojs/io.js/pull/1464 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
24 lines
609 B
INI
24 lines
609 B
INI
[ req ]
|
|
default_bits = 1024
|
|
days = 999
|
|
distinguished_name = req_distinguished_name
|
|
attributes = req_attributes
|
|
prompt = no
|
|
output_password = password
|
|
x509_extensions = v3_ca
|
|
|
|
[ req_distinguished_name ]
|
|
C = US
|
|
ST = CA
|
|
L = SF
|
|
O = Joyent
|
|
OU = Node.js
|
|
CN = ca3
|
|
emailAddress = ry@tinyclouds.org
|
|
|
|
[ req_attributes ]
|
|
challengePassword = A challenge password
|
|
|
|
[ v3_ca ]
|
|
basicConstraints = CA:TRUE
|