https://bz.apache.org/bugzilla/show_bug.cgi?id=66664
Bug ID: 66664
Summary: Request for crl fallback enabling
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: d.schiaroli....@gmail.com
Target Milestone: ---
The default behaviour of apache regarding verification is to enable OCSP, CRL
or all together. All the mechanism of cert verification have to report a valid
status to make the connection possibile. If one of the mechanism is broken,
like an unresponsive OCSP Responder, the verification will fail. In my opinion
it will be better to make these mechanism more configurable, adding the
possibility to ocsp have a fallback, and not to abort the verification. Are
there suitable mechanism in apache that make this already possible? I hope I
was clear, thanks
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
