Hello, My name is Simon and I am new to this group. I have some basic queries regarding the ocsp functionality in freeradius-server code. I am referring to the file freeradius-server-3.0.17/src/main/tls.c with below code sample. RDEBUG2("ocsp: Using responder URL \"http://%s:%s%s\"", host, port, path); /* Check host and port length are sane, then create Host: HTTP header */ if ((strlen(host) + strlen(port) + 2) > sizeof(hostheader)) { RWDEBUG("ocsp: Host and port too long"); goto skipped; } snprintf(hostheader, sizeof(hostheader), "%s:%s", host, port); /* Setup BIO socket to OCSP responder */ cbio = BIO_new_connect(host); 1. How are we resolving the OCSP responder IP address from the name server ? Are we using DNS/DNSSEC (unbound APIs) ? 2. Do we really need to do DNSSEC validation for resolving OCSP domain names? 3. May I know in which file the BIO_ APIs are implemented? 4. what is the use of the rlm_unbound module in freeradius-server package? Can I use it for resolving OCSP name servers? If so, May I know the process to use it. Thank you for you time. Regards Simon