petkivim
commented
6 years ago All the issues from the Joint Development backlog are transferred to new X-Road backlog. Before enhancement requests are accepted to the backlog they are evaluated by the Working Group.
If this enhancement request is still valid, please sign up for an account first, and then submit it to the X-Road Service Desk. You will be notified by email once the Working Group has processed your request.
Affected components: Security Server Affected documentation: - Estimated delivery: - External reference: https://jira.ria.ee/browse/XTE-343
Problem Sometime during TLS handshake valid AUTH certificate can be handled as non valid. It can happens when Client SServer uses Service SServer OCSP from own OCSP cache, but when handshake is started, on this moment, Service SServer side OCSP can be already expired (i.e. valid for last second).
Its cause error log and message transaction is failed. Fault message "Service provider did not send correct authentication certificate"
Acceptance criteria Better control of OCSP validity check.