Hello, I may be in left field here, but maybe you can point me in the right direction.

I would like to configure Nginx as a forward proxy for a server that is serving binary encoded objects/files used in PKI; specifically CRLs and X509.

These objects have “next update” periods in them that can be used as “cache” periods, or at least the input to them (basically clients/intermediates should never cache beyond those validity periods).

I was wondering if there was any way to leverage the work done by this project’s addition of Lua to Nginx to accomplish this.

For example, I would want to extract the This update or Next update from an OCSP response:

    openssl ocsp -respin ocspglobalsignca.resp -text

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: 70F9ACAFEFAF9D345FC498793CA452BB9D87EF72
        Produced At: Oct 9 07:31:09 2013 GMT
        Responses:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: A0720EA06A7C620254F2A8F59DD27BA4F3B72FA4
          Issuer Key Hash: B0B04AFD1C7528F81C61AA13F6FAC1903D6B16A3
          Serial Number: 1121A88BBF3F2260E5988C734C9F86E08C91
        Cert Status: good
        Next Update: Oct 9 07:31:09 2014 GMT
        This Update: Oct 9 07:31:09 2013 GMT

And compute what the expires header should be based on those values; is this something that can be done with this project?

Thanks in advance,
Ryan
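
The computation asked about above, as an added example that is not part of the original post: it parses the `openssl ocsp -text` output (not the DER response itself) and derives `Expires` and `Cache-Control` from the earliest Next Update. It is written in Python rather than Lua, and the function names, the embedded sample and the `no-store` fallback are assumptions of this example.

```python
import re
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed sample: the validity fields from the openssl output in the post.
SAMPLE = """\
    Cert Status: good
    Next Update: Oct  9 07:31:09 2014 GMT
    This Update: Oct  9 07:31:09 2013 GMT
"""

_FIELD = re.compile(r"^\s*(This Update|Next Update):\s*(.+?)\s*$", re.M)


def parse_updates(text):
    """Return (this_updates, next_updates) as lists of UTC datetimes."""
    found = {"This Update": [], "Next Update": []}
    for name, value in _FIELD.findall(text):
        # openssl pads single-digit days with a space; normalise whitespace.
        stamp = datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y GMT")
        found[name].append(stamp.replace(tzinfo=timezone.utc))
    return found["This Update"], found["Next Update"]


def cache_headers(text, now):
    """Headers that never let a cache outlive the earliest Next Update."""
    _, next_updates = parse_updates(text)
    # Next Update is optional in OCSP; without it there is no safe lifetime,
    # and a response already past Next Update must not be cached either.
    if not next_updates or min(next_updates) <= now:
        return {"Cache-Control": "no-store"}
    expires = min(next_updates)  # several single responses: the earliest wins
    max_age = int((expires - now).total_seconds())
    return {
        "Expires": format_datetime(expires, usegmt=True),
        "Cache-Control": "max-age=%d" % max_age,
    }


if __name__ == "__main__":
    now = datetime(2014, 10, 8, 7, 31, 9, tzinfo=timezone.utc)  # constructed clock
    for name, value in cache_headers(SAMPLE, now).items():
        print("%s: %s" % (name, value))
```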