OCSP conditional use_nonce

Alan DeKok aland at deployingradius.com
Thu Apr 7 13:26:52 UTC 2022

On Apr 6, 2022, at 9:20 AM, Emile Swarts <emile.swarts123 at gmail.com> wrote:
> We're checking certificates against an OCSP endpoint, which doesn't support
> nonce.
> Everything works fine, and we've added this to the eap module configuration:
>      use_nonce = no
> The plan is to support multiple PKIs in the future and were wondering what
> the most elegant way would be to support OCSP endpoints that support nonce
> and ones that don't.
> Is there a way to set this value at runtime based on request attributes?

  Not at the moment.

  The "use_nonce" code is in src/main/tls.c, so it should be relatively easy to work up a patch.

  Alan DeKok.

More information about the Freeradius-Users mailing list