-
When only `-port` is used, the OCSP responder listens on `0.0.0.0`, which is limited to IPv4 and unusable in IPv6-only environments. The dual-stack wildcard address `::` would be a much better option.…
-
### Python version
3.10.3
### Operating system and processor architecture
macOS-14.7-arm64-arm-64bit
### Installed packages
```python
asn1crypto==1.5.1
certifi==2024.8.30
cffi==1.17.…
-
Section 7.1.2.8.1 OCSP Responder Validity of the TLS BR does not stipulate a maximum validity for OCSP responder certificates. This implies such a certificate can effectively be valid as long as the i…
-
### What is not working as expected?
https://github.com/notaryproject/notation-core-go/blob/453a5ebcbfdc19dfb91162b2fff8edff8b4ed083/revocation/ocsp/ocsp.go#L158-L167
I think the OCSP implementa…
-
Not necessarily core functionality (the service itself can be fully functional without it), but being able to check certificate status separately may be good; that said, the same (and determining the …
-
We are getting warning messages about OCSP Responses using the latest driver version.
These are very noisy for our clients.
```
WARNING!!! using fail-open to connect. Driver is connecting to an H…
-
A script to deploy the Online Responder Role (OCSP) would be good against Enterprise and Standalone CAs would be useful.
Some resources:
- https://github.com/PKISolutions/PSPKI/tree/master/PSPKI/S…
-
This would implement (9) from https://gist.github.com/sleevi/5efe9ef98961ecfb4da8. Presumably it would override the OCSP AIA in the cert if both are present.
-
Hi
I have two basic questions, please correct me the questions are invalid.
- Is OCSP responder is same for multiple issuers? If so how to make OCSP responder busy?
- If not how to make singe i…
-
1. A TLS JAVA client(using BCFIPS 2.0) is talking to a server which is using Hashicorp Vault issued certificate.
2. The TLS JAVA client(BCFIPS) is doing OCSP validation of the server certificate by…