Hi, JohnF
Thanks for your reply.
OCSP which has been supported by openssl library and stunnel is
another way to validate client certificates besides CRL. And CRL has a
shortcoming that it should be updated in time. So I am wondering that
whether haproxy will suport OCSP to verify cleint certificate in the
future.
Best Regards,
Godbach
2013/3/6 John Marrett <jo...@zioncluster.ca>:
> Godbach,
>
> I'm interested to better understand what you want to do with OSCP.
> Ordinarily if you present a certificate using haproxy clients will validate
> it using methods specified in the certificate itself. If these include OSCP
> than it could potentially be used.
>
> In this context your question doesn't make that much sense to me, unless you
> want to validate client certificates used for authentication or you want
> haproxy to prevalidate its certifiate(s) before starting?
>
> What are you trying to do with OSCP that haproxy doesn't support?
>
> -JohnF
>
> On Mar 5, 2013 9:51 PM, "Godbach" <nylzhao...@gmail.com> wrote:
>>
>> Hi, all
>> OCSP(Online Certificate Status Protocol) is also used to verify
>> certificates. I am wondering that if there is any plan to support OCSP
>> in haproxy in the future.
>>
>> Best Regards,
>> Godbach
>>
>
