Hi everyone! Back in 2004 I've finished my diploma thesis covering OCSP integration in the EAP/TLS module of freeRADIUS. Unfortunately I never posted the patch. To get this burden off me, I've dug through the code again, did some final adjustment and just finished the patch for the v2.1.x branch. The functionality is quite simple. After a user certificate is validated correctly it is possible to check the current status as well against an OCSP responder. Here's the debug output. [tls] --> verify return:1 [tls] --> Starting OCSP Request [ocsp] --> Resonder URL = http://127.0.0.1:80/ocsp/ [ocsp] --> Certificate is valid! I've added a new subsection inside the eap/tls configuration that makes it able to set the following settings. (A detailed description can be found in the patch.) ocsp { check_ocsp = yes define_ocsp_responder = yes ocsp_url = "http://127.0.0.1/ocsp/" } I'm aware that the EAP/TLS module was extended with a verify section that states OCSP explicitly. Nevertheless I would like to see this functionality implemented directly into the rlm_eap_tls module. Please feel free to comment on the code and on this feature in general. I'm happy about any feedback! Best regards, Alex