OCSP URL format
Alex Sharaz
alex.sharaz at york.ac.uk
Tue Mar 29 15:01:18 CEST 2016
o.k thanks
A
On 29 March 2016 at 13:59, Arran Cudbard-Bell <a.cudbardb at freeradius.org>
wrote:
>
> > On 29 Mar 2016, at 06:14, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> >
> > Quick question about OCSP URLs. When overriding the cert specified OCSP
> > URL, can you specify more than one just in case a server dies for
> example?
> >
> > Just been off site and our F5 that load balances requests to our OCSP
> > service decided not to forward them hence the only way to connect to
> > eduroam was to delete the TLS profile and use PEAP. Talking to all the
> > individual OCSP servers worked just fine.
>
> No, it's not currently supported. It's not functionality available
> through OpenSSL, so we'd need to implement failover ourselves.
>
> It's not just the override URL, we don't parse multiple OCSP URLs in
> certificates either.
>
> Feel free to open a GitHub issue.
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list