-
In case of OCSP reponse signed with embedded OCSP responder cert (not by CA cert directly) ParseResponse from ocsp package does not check if embedded OCSP responder certificate is expired.
It seems…
-
As discussed just before at the workshop, the CERN OCSP server apparently broke, which lead recent enough dcache version to eventually fail their (at least) transfers, with the default of dcache.authn…
-
While the RFC 6961/6066 CertificateStatus message is only defined for server certificates, the new formulation for TLS 1.3 where the staple is sent in the "status_request" extension body in the certif…
kaduk updated
2 months ago
-
We are looking into implementing OCSP stapling support in our application using Ruby and are wondering how to do so/whether this is possible.
I found this SO post giving the steps using openssl: ht…
-
A script to deploy the Online Responder Role (OCSP) would be good against Enterprise and Standalone CAs would be useful.
Some resources:
- https://github.com/PKISolutions/PSPKI/tree/master/PSPKI/S…
-
For large Kubernetes deployments, it's not recommended to use NFS mounts.
Having this cache be handled externally by a service would make supporting large environments easier.
Ideas:
* Object s…
-
This would implement (9) from https://gist.github.com/sleevi/5efe9ef98961ecfb4da8. Presumably it would override the OCSP AIA in the cert if both are present.
-
|[](https://github.com/oberstet)| @oberstet reported|
|-|-|
|Trac ID|trac#6802|
|Type|enhancement|
|Created|2013-10-27 13:18:06Z|
Quoting from [here]http://en.wikipedia.org/wiki/OCSP_stapling
_OCSP …
-
**Is your feature request related to a problem? Please describe.**
Similar to #258 could we also have a feature that the OCSP check loops over all "CA Issuers" found in the certificate? Currently i…
-
When reading about OCSP in general I see that each request / response pair supports the use of a nonce to help guard against replay attacks.
Hence I was surprised to read at https://github.com/clou…