query on freeradius-server ocsp function and rlm_unbound

SIMON BABY simonkbaby at gmail.com
Wed Aug 19 06:55:27 CEST 2020


Hello,

My name is Simon and I am new to this group. I have some basic queries
regarding the ocsp functionality in freeradius-server code.

I am referring to the file freeradius-server-3.0.17/src/main/tls.c, with
the code sample below.

        RDEBUG2("ocsp: Using responder URL \"http://%s:%s%s\"", host, port, path);

        /* Check host and port length are sane, then create Host: HTTP header */
        if ((strlen(host) + strlen(port) + 2) > sizeof(hostheader)) {
                RWDEBUG("ocsp: Host and port too long");
                goto skipped;
        }
        snprintf(hostheader, sizeof(hostheader), "%s:%s", host, port);

        /* Setup BIO socket to OCSP responder */
        cbio = BIO_new_connect(host);


1. How are we resolving the OCSP responder IP address from the name server?
Are we using DNS/DNSSEC (unbound APIs)?
2. Do we really need to do DNSSEC validation for resolving OCSP domain
names?
3. May I know in which file the BIO_ APIs are implemented?
4. What is the use of the rlm_unbound module in the freeradius-server package?
Can I use it for resolving OCSP name servers? If so, may I know the process
to use it?

Thank you for your time.

Regards
Simon

