Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 359227daa91e
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 1cc916b5b2b7
Choose a head ref
  • 2 commits
  • 2 files changed
  • 2 contributors

Commits on Aug 30, 2018

  1. nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 

    The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
    @vincentbernat
    vincentbernat committed Aug 30, 2018
    Configuration menu
    Copy the full SHA
    1251b34 View commit details
    Browse the repository at this point in the history

Commits on Aug 31, 2018

  1. Merge pull request #45810 from vincentbernat/fix/nginx-stapling 

    nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
    @fpletz
    fpletz committed Aug 31, 2018
    Configuration menu
    Copy the full SHA
    1cc916b View commit details
    Browse the repository at this point in the history