OCSP URL format

Alex Sharaz alex.sharaz at york.ac.uk
Fri Apr 1 13:22:48 CEST 2016


Yup but as it says

# Warning: this may enable clients with revoked
# certificates to connect if the OCSP responder is not
# available. Use with caution.
#
Think I'd rather have the ability to try another OCSP server at this point.

On 1 April 2016 at 12:02, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> On Fri, Apr 01, 2016 at 10:01:01AM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
>> > Did have a load balancer (F5) was all working and then something changed and all the FR servers forwarding OCSP requests (like from
>> > Networkshop in Manchester  :/)) ) stopped working. Our systems people fixed it ... But it was working. Just glad we didn't have shedloads of people using EAP-TLS :-))
>>
>> you could fail open as a safety guard?
>
> That's why we've got the softfail option :)
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/eap#L538-L549
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
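
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: a Python model comparing a single responder with soft-fail against an ordered list of responders that fails closed. The responder list, the function names and the sample serials are hypothetical, and treating "unknown" as a rejection is this example's own choice.

```python
from typing import Callable, Iterable, Tuple


class ResponderUnavailable(Exception):
    """Timeout, connection failure or unusable reply: no revocation answer."""


# A responder maps a certificate serial to "good", "revoked" or "unknown".
Responder = Callable[[str], str]


def check_revocation(serial: str, responders: Iterable[Responder],
                     softfail: bool) -> Tuple[bool, str]:
    """Return (accept, reason) for a client certificate serial."""
    for index, ask in enumerate(responders):
        try:
            status = ask(serial)
        except ResponderUnavailable:
            continue  # outage, not an answer: try the next responder
        if status == "good":
            return True, f"good from responder {index}"
        # "revoked"/"unknown" are answers, so soft-fail never applies to them
        return False, f"{status} from responder {index}"
    # Only reached when no responder answered at all.
    if softfail:
        return True, "no responder reachable, softfail accepted"
    return False, "no responder reachable, rejected"


# Constructed sample data: one revoked serial, one dead and one live responder.
REVOKED = {"0A1B"}


def down(serial: str) -> str:
    raise ResponderUnavailable("timeout")


def up(serial: str) -> str:
    return "revoked" if serial in REVOKED else "good"


if __name__ == "__main__":
    print(check_revocation("0A1B", [down], softfail=True))       # accepted
    print(check_revocation("0A1B", [down, up], softfail=False))  # rejected
    print(check_revocation("0C2D", [down, up], softfail=False))  # accepted
```

With one unreachable responder and soft-fail on, the revoked serial is accepted, which is the case the configuration warning describes; with a second responder available the same serial is rejected without needing soft-fail.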
