httpd-dev mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject Re: mod_ssl & CRL verification
Date Tue, 26 Feb 2008 19:08:44 GMT
On Tue, Feb 26, 2008 at 1:57 PM, Joe Orton <jorton@redhat.com> wrote:
>  Right, that is exactly my view.  I think that any attempt to make
>  mod_ssl treat CRLs as anything other than static files loaded once at
>  startup will end up trying to reinvent OCSP badly.
>
>  If a free OCSP responder existed which actually did this maybe those
>  "make CRL handling better" bug reports would go away :)

FWIW I have experimented with this recently and found ocspd from
openca.org was able to frontend a CRL-as-static-file satisfactorily
(albeit for a different security library and SSL application).  It
seems to be BSD-like and gratis.

Unfortunately I stopped short of trying to frontend a CRL-over-LDAP,
but it does purport to do this as part of its core functionality.

https://www.openca.org/projects/ocspd/downloads.shtml

-- 
Eric Covener
covener@gmail.com
