Hi,
In light of the Debian OpenSSL vulnerability, I was looking for a way to
efficiently check for revoked certificates.
Updating CRLs is one way but it's not exactly efficient.
I've found that someone has actually implemented OCSP for OpenVPN[1].
Is there any specific reason that this hasn't been merged?
I saw evidence on the openvpn-devel archives that this was submitted
almost a year ago but I didn't see any reviews or comments whatsoever.
James, perhaps this should be included in -rc9?
Regards,
Faidon
1: http://www.block64.net/
