OCSP URL format

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Mar 29 14:59:27 CEST 2016


> On 29 Mar 2016, at 06:14, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> 
> Quick question about OCSP URLs. When overriding the cert specified OCSP
> URL, can you specify more than one just in case a server dies for example?
> 
> Just been off site and our F5 that load balances requests to our OCSP
> service decided not to forward them hence the only way to connect to
> eduroam was to delete the TLS profile and use PEAP. Talking to all the
> individual OCSP servers worked just fine.

No, it's not currently supported.  It's not functionality available through OpenSSL, so we'd need to implement failover ourselves.

It's not just the override URL, we don't parse multiple OCSP URLs in certificates either.

Feel free to open a GitHub issue.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
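
Application-level failover of the kind the reply says would have to be written, sketched as an added example; it is not FreeRADIUS or OpenSSL code and not part of the original message. It tries each responder URL in order and moves on after a transport error or a non-successful OCSP responseStatus; the function names, example.org URLs and sample bytes are constructed for illustration.

```python
import urllib.request

# OCSPResponseStatus values (RFC 6960). Only "successful" carries a certificate status.
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def response_status(der: bytes) -> str:
    """Read responseStatus from a DER OCSPResponse: SEQUENCE { ENUMERATED, ... }."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Skip the SEQUENCE length: short form, or long form with (byte & 0x7F) length bytes.
    pos = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if len(der) < pos + 3 or der[pos:pos + 2] != b"\x0a\x01":
        raise ValueError("responseStatus ENUMERATED not found")
    return OCSP_STATUS.get(der[pos + 2], "unknown")

def http_post(url, request_der, timeout):  # real transport: OCSP over HTTP POST
    req = urllib.request.Request(url, data=request_der,
                                 headers={"Content-Type": "application/ocsp-request"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

def query_with_failover(urls, request_der, post=http_post, timeout=3.0):
    """Try responders in order; return (url, der, attempts) for the first successful one."""
    attempts = []
    for url in urls:
        try:
            der = post(url, request_der, timeout)
            status = response_status(der)
        except (OSError, ValueError) as exc:  # unreachable, timed out, or not OCSP
            attempts.append((url, type(exc).__name__))
            continue
        attempts.append((url, status))
        if status == "successful":
            # Stop here whatever it says; the caller verifies signature and cert status.
            return url, der, attempts
    raise RuntimeError(f"no usable OCSP response: {attempts}")

# Constructed sample: three hypothetical responders behind a fake transport.
SAMPLE = {"http://ocsp1.example.org": ConnectionRefusedError("down"),
          "http://ocsp2.example.org": bytes.fromhex("30030a0103"),      # tryLater
          "http://ocsp3.example.org": bytes.fromhex("30050a0100a000")}  # successful, body elided

def fake_post(url, request_der, timeout):
    if isinstance(SAMPLE[url], Exception):
        raise SAMPLE[url]
    return SAMPLE[url]
if __name__ == "__main__":
    print(query_with_failover(list(SAMPLE), b"constructed-request", post=fake_post))
```

The loop returns the first successful response rather than searching further, so a responder that answers "revoked" is never skipped in favour of a later one.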
