[RADIATOR] Support for OCSP
Jan Tomasek
jan at tomasek.cz
Tue May 17 02:40:35 CDT 2016
Hi,
I'm considering using Let's Encrypt certificates for RadSec but those
certificates are lacking CRL support. Only OCSP is defined (example crt
attached):
> Authority Information Access:
> OCSP - URI:http://ocsp.int-x1.letsencrypt.org/
> CA Issuers - URI:http://cert.int-x1.letsencrypt.org/
I've found discusion from 2012 [1] and main reason is no longer true.
Net::SSLeay do support OCSP today [2]
For EAP-TLS OCSP delay might be issue but for RadSec connection not, I
think. Please can you reconsider adding OCSP support?
Thanks
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
[1] https://www.mail-archive.com/radiator@open.com.au/msg17748.html
[2]
http://search.cpan.org/~mikem/Net-SSLeay-1.74/lib/Net/SSLeay.pod#Certificate_verification_and_Online_Status_Revocation_Protocol_(OCSP)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: example.cert
Type: application/pkix-cert
Size: 1802 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20160517/1229ebde/attachment.bin
More information about the radiator
mailing list