OCSP hash algorithm agility
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jan 12 09:46:00 CET 2017
>
> We don't implement OCSP. OpenSSL does. We just call the OpenSSL API. If it returns "no", there's not a lot we can do.
>
> Perhaps try upgrading OpenSSL.
Agreed, you need at least 0.9.8l for sha256.
Looking through the OCSP API we can control the digest algorithms used for generating the request, so we might be able to swap the digests to SHA256, which would likely fix your issue, but agreed the OpenSSL code should be more agile.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
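
What swapping the request digest changes on the wire, as an added example that is not part of the original message nor FreeRADIUS or OpenSSL code: an OCSP request identifies the certificate by a CertID (RFC 6960) whose issuer name and key hashes use the chosen digest, which in OpenSSL is the first argument of `OCSP_cert_to_id()`. The issuer name, key bytes and serial number below are constructed sample values.

```python
import hashlib

# DER-encoded OID contents for the digest algorithms a CertID can name.
OIDS = {
    "sha1": bytes.fromhex("2b0e03021a"),            # 1.3.14.3.2.26
    "sha256": bytes.fromhex("608648016503040201"),  # 2.16.840.1.101.3.4.2.1
}

def der(tag, content):
    """Encode one DER TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_integer(value):
    """Minimal DER INTEGER for a non-negative serial number."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def cert_id(alg, issuer_name_der, issuer_key_bits, serial):
    """Build the DER CertID (RFC 6960) for one certificate under digest `alg`."""
    def digest(data):
        return hashlib.new(alg, data).digest()
    alg_id = der(0x30, der(0x06, OIDS[alg]) + der(0x05, b""))  # OID + NULL params
    return der(0x30, alg_id
               + der(0x04, digest(issuer_name_der))   # issuerNameHash
               + der(0x04, digest(issuer_key_bits))   # issuerKeyHash
               + der_integer(serial))                 # serialNumber

# Constructed sample inputs (not taken from any real certificate).
ISSUER_NAME = der(0x30, der(0x31, der(0x30,          # Name -> RDN -> attribute
    der(0x06, bytes.fromhex("550403"))               # OID 2.5.4.3 (commonName)
    + der(0x0C, b"Constructed Test CA"))))           # UTF8String value
ISSUER_KEY = bytes(range(64))   # stand-in for the issuer's subjectPublicKey bits
SERIAL = 0x1001

if __name__ == "__main__":
    for alg in ("sha1", "sha256"):
        encoded = cert_id(alg, ISSUER_NAME, ISSUER_KEY, SERIAL)
        print(f"{alg:7} {len(encoded):3} bytes  {encoded.hex()}")
```

The serial number is identical in both encodings; only the algorithm identifier and the two issuer hashes differ, so the responder has to support the digest the client picks in order to match the CertID.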