Antonio, Hugo, 011/8/25 Antonio Pérez <[email protected]>
> On Thu, Aug 25, 2011 at 4:58 PM, Hugo Vazquez Carames > <[email protected]> wrote: > > >> Well, in my understanding, it should be implement as an uWSGI, FastCGI > or > >> SCGI application. The feature is too specific to be part of a general > >> purpose Web server my default. > > > > Do you really think it is too specific? OCSP validation is a core part of > > the trust chain of client certificate validation... Anyway, I deeply > respect > > your opinion. > > Think about the increasing number of countries using Electronic National > > Identity Cards, and how you can help building a more secure web > > environment... > > We, at work, use something like this[1] with the OCSP servers of DNIe > (Electronic National Identity Cards in Spain). Anyway, IMHO, I think > it could be interesting to have as an option... No overload on the ssl > handshake if you don't enable it, doesn't it? > Alright then. Let's say it is not in among the features I want the develop for the upcoming releases. However, if there were a patch implementing it we could integrate it seamlessly. - Since OpenSSL implements OCSP, I believe it wouldn't be lengthy or intrusive patch anyway. Cheers! -- Greetings, alo http://www.octality.com/
_______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
