query on freeradius-server ocsp function and rlm_unbound
SIMON BABY
simonkbaby at gmail.com
Wed Aug 19 06:55:27 CEST 2020
Hello,
My name is Simon and I am new to this group. I have some basic queries
regarding the ocsp functionality in freeradius-server code.
I am referring to the file freeradius-server-3.0.17/src/main/tls.c, with
the code sample below.

    RDEBUG2("ocsp: Using responder URL \"http://%s:%s%s\"", host, port, path);

    /* Check host and port length are sane, then create Host: HTTP header */
    if ((strlen(host) + strlen(port) + 2) > sizeof(hostheader)) {
        RWDEBUG("ocsp: Host and port too long");
        goto skipped;
    }
    snprintf(hostheader, sizeof(hostheader), "%s:%s", host, port);

    /* Setup BIO socket to OCSP responder */
    cbio = BIO_new_connect(host);

1. How are we resolving the OCSP responder IP address from the name server?
Are we using DNS/DNSSEC (unbound APIs)?
2. Do we really need to do DNSSEC validation for resolving OCSP domain
names?
3. May I know in which file the BIO_ APIs are implemented?
4. What is the use of the rlm_unbound module in the freeradius-server package?
Can I use it for resolving OCSP name servers? If so, may I know the process
to use it?
Thank you for your time.
Regards
Simon