[RADIATOR] Support for OCSP

Jan Tomasek jan at tomasek.cz
Tue May 17 02:40:35 CDT 2016


I'm considering using Let's Encrypt certificates for RadSec but those 
certificates are lacking CRL support. Only OCSP is defined (example crt 

>  Authority Information Access:
> OCSP - URI:http://ocsp.int-x1.letsencrypt.org/
> CA Issuers - URI:http://cert.int-x1.letsencrypt.org/

I've found discusion from 2012 [1] and main reason is no longer true. 
Net::SSLeay do support OCSP today [2]

For EAP-TLS OCSP delay might be issue but for RadSec connection not, I 
think. Please can you reconsider adding OCSP support?

Jan Tomasek aka Semik

[1] https://www.mail-archive.com/radiator@open.com.au/msg17748.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: example.cert
Type: application/pkix-cert
Size: 1802 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20160517/1229ebde/attachment.bin 

More information about the radiator mailing list