summaryrefslogtreecommitdiff
path: root/pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
diff options
context:
space:
mode:
authorVincent Bernat <vincent@bernat.ch>2018-08-30 22:33:56 +0200
committerVincent Bernat <vincent@bernat.ch>2018-08-30 22:47:41 +0200
commit1251b34b5bbcd11a7a2974df7bada5d6d47b985d (patch)
tree329594bc20b6a23ba815d915f8e8b92c04b7bbb3 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
parent2a606200bca4f5552f7f28e0f11dfbfedc2aa81a (diff)
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and `ssl_stapling_verify on`. However, this last directive also requires the use of `ssl_trusted_certificate` to verify the received answer. When using `enableACME` or similar, we can help the user by providing the correct value for the directive. The result can be tested with: openssl s_client -connect web.example.com:443 -status 2> /dev/null Without OCSP stapling, we get: OCSP response: no response sent After this change, we get: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Aug 30 20:46:00 2018 GMT
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions