OCSP conditional use_nonce
Alan DeKok
aland at deployingradius.com
Thu Apr 7 13:26:52 UTC 2022
On Apr 6, 2022, at 9:20 AM, Emile Swarts <emile.swarts123 at gmail.com> wrote:
> We're checking certificates against an OCSP endpoint, which doesn't support
> nonce.
>
> Everything works fine, and we've added this to the eap module configuration:
> use_nonce = no
>
> The plan is to support multiple PKIs in the future, and we were wondering what
> the most elegant way would be to support OCSP endpoints that support nonce
> and ones that don't.
>
> Is there a way to set this value at runtime based on request attributes?
Not at the moment.
The "use_nonce" code is in src/main/tls.c, so it should be relatively easy to work up a patch.
Alan DeKok.
More information about the Freeradius-Users mailing list