-
We have a well known flow for validation of TLS peer certificate during TLS handshake. When other checks are done peer certificate is ok - the code in crypto/x509/x509_vfy.c::check_cert() checks the r…
-
In case of OCSP reponse signed with embedded OCSP responder cert (not by CA cert directly) ParseResponse from ocsp package does not check if embedded OCSP responder certificate is expired.
It seems…
-
As discussed just before at the workshop, the CERN OCSP server apparently broke, which lead recent enough dcache version to eventually fail their (at least) transfers, with the default of dcache.authn…
-
A script to deploy the Online Responder Role (OCSP) would be good against Enterprise and Standalone CAs would be useful.
Some resources:
- https://github.com/PKISolutions/PSPKI/tree/master/PSPKI/S…
-
For large Kubernetes deployments, it's not recommended to use NFS mounts.
Having this cache be handled externally by a service would make supporting large environments easier.
Ideas:
* Object s…
-
This would implement (9) from https://gist.github.com/sleevi/5efe9ef98961ecfb4da8. Presumably it would override the OCSP AIA in the cert if both are present.
-
|[](https://github.com/oberstet)| @oberstet reported|
|-|-|
|Trac ID|trac#6802|
|Type|enhancement|
|Created|2013-10-27 13:18:06Z|
Quoting from [here]http://en.wikipedia.org/wiki/OCSP_stapling
_OCSP …
-
Hi Ivan,
In the API docs you have «ocspStapling - true if OCSP stapling is deployed on the server»
But many CA's doesn't have OCSP IPv6 responders.
A nice list (probably outdated) in http://unmitiga…
-
We are looking into implementing OCSP stapling support in our application using Ruby and are wondering how to do so/whether this is possible.
I found this SO post giving the steps using openssl: ht…
-
It would be great to support ocsp stapling in the haproxy router.
AFAICT it needs two things
- a loop that gets the ocsp response to serve,
- either a call to haproxy's unix socket with the response,…