23 Jan
2012
23 Jan
'12
9:49 a.m.
Matthew Newton wrote:
If freeradius tries to talk to an OCSP responder, and the server is not available for some reason, the ocsp check gets stuck for a while, then bombs out with (as expected) a verification failure. The two problems are that it takes quite a while for the client to be told it can't connect, and clients with good certificates can't connect.
Yeah, there's no real perfect solution.
The obvious solution is to make the ocsp server more resilient, but that's not always going to be possible.
Yup.
I've written two smallish patches against v2.1.x - ... Comments?
Committed. :) See the v2.1.x && master branches. Alan DeKok.