Hi, JohnF Thanks for your reply. OCSP which has been supported by openssl library and stunnel is another way to validate client certificates besides CRL. And CRL has a shortcoming that it should be updated in time. So I am wondering that whether haproxy will suport OCSP to verify cleint certificate in the future.
Best Regards, Godbach 2013/3/6 John Marrett <jo...@zioncluster.ca>: > Godbach, > > I'm interested to better understand what you want to do with OSCP. > Ordinarily if you present a certificate using haproxy clients will validate > it using methods specified in the certificate itself. If these include OSCP > than it could potentially be used. > > In this context your question doesn't make that much sense to me, unless you > want to validate client certificates used for authentication or you want > haproxy to prevalidate its certifiate(s) before starting? > > What are you trying to do with OSCP that haproxy doesn't support? > > -JohnF > > On Mar 5, 2013 9:51 PM, "Godbach" <nylzhao...@gmail.com> wrote: >> >> Hi, all >> OCSP(Online Certificate Status Protocol) is also used to verify >> certificates. I am wondering that if there is any plan to support OCSP >> in haproxy in the future. >> >> Best Regards, >> Godbach >> >