OCSP question

2012-05-03 Thread Alexander Komyagin
Hi! In our project we want to perform a complete global switch to OCSP certificate verification (for a number of reasons we don't want CRL's anymore) to make openldap, openvpn and others use OCSP. Unfortunately I didn't find any implemented way to perform such a switch in OpenSSL. There is only on

Re: OCSP question

2012-05-03 Thread Dr. Stephen Henson
On Thu, May 03, 2012, Alexander Komyagin wrote:
> Hi! In our project we want to perform a complete global switch to OCSP
> certificate verification (for a number of reasons we don't want CRL's
> anymore) to make openldap, openvpn and others use OCSP.
>
You should note there is a side effect of d

Re: OCSP question

2012-05-03 Thread Alexander Komyagin
Thanks for the note, Stephen! I'll certainly take this into account. If I incorporate OCSP check in check_revoked() function, which is called during SSL connect/handshake it would just block during connect op for a while, and I believe that no single service shall expect connection establishment to

Re: OCSP question

2012-05-04 Thread Dr. Stephen Henson
On Thu, May 03, 2012, Alexander Komyagin wrote:
> Thanks for the note, Stephen! I'll certainly take this into account.
> If I incorporate OCSP check in check_revoked() function, which is called
> during SSL connect/handshake it would just block during connect op for a
> while, and I believe that n

Re: OCSP question

2012-05-04 Thread Alexander Komyagin
Can you give me an example of such application? I'll take a look at it.
On Fri, 2012-05-04 at 13:14 +0200, Dr. Stephen Henson wrote:
> On Thu, May 03, 2012, Alexander Komyagin wrote:
>
> > Thanks for the note, Stephen! I'll certainly take this into account.
> > If I incorporate OCSP check in chec