Hello,

I'm finding conflicting information on whether OpenSSL can perform OCSP 
validation via AIA responders through a proxy. An open issue at GitHub suggests 
that this is an open feature request 
(https://github.com/openssl/openssl/issues/6965), however I've seen people 
saying that a proxy can be specified when using "openssl ocsp" by passing 
"-host <proxy_host>:<proxy_port>" and "-path <OCSP_AIA_URL>". Which one is 
correct?

If context matters, this is about having support in stunnel for performing OCSP 
validation via AIA responders through a proxy. Currently it ignores any *_proxy 
variables, and consequently validation fails when there's no direct internet 
access. Research I've done so far suggests that the limitation lies in OpenSSL, 
not stunnel, hence this email.

Regards,

Daniel O.




Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg, 
R.C.S. Luxembourg B186284

Amazon Web Services EMEA SARL, Irish Branch, One Burlington Plaza, Burlington 
Road, Dublin 4, Ireland, branch registration number 908705


Reply via email to