7 Apr
2022
7 Apr
'22
9:26 a.m.
On Apr 6, 2022, at 9:20 AM, Emile Swarts <emile.swarts123@gmail.com> wrote:
We're checking certificates against an OCSP endpoint, which doesn't support nonce.
Everything works fine, and we've added this to the eap module configuration: use_nonce = no
The plan is to support multiple PKIs in the future and were wondering what the most elegant way would be to support OCSP endpoints that support nonce and ones that don't.
Is there a way to set this value at runtime based on request attributes?
Not at the moment. The "use_nonce" code is in src/main/tls.c, so it should be relatively easy to work up a patch. Alan DeKok.