12 Jan
2017
12 Jan
'17
3:46 a.m.
We don't implement OCSP. OpenSSL does. We just call the OpenSSL API. If it returns "no", there's not a lot we can do.
Perhaps try upgrading OpenSSL.
Agreed, you need at least 0.9.8l for sha256 Looking through the OCSP API we can control the digest algorithms used for generating the request, so we might be able to swap the digests to SHA256, which would likely fix your issue, but agreed the OpenSSL code should be more agile. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2