Hi Mathieu,
You'r right about my patch, you can use only one OCSP responder and
it's a great idea to use AIA extension in each X509 certificate.
So, i will find the time to code a new version of my patch or if you
want to code it with me, i am open :)
Le 17 juin 08 à 12:45, Mathieu GIANNE
Hello Davy,
I've a question about your patch for OCSP support :
OCSP URL is specified with "ocsp-url" option in configuration. It's OK
if you have only one CA in your PKI (and so only one OCSP responder) but
what happened if you have a real PKI with multiple CA (so potentially
more than one O
Faidon Liambotis debian.org> writes:
> In light of the Debian OpenSSL vulnerability, I was looking for a way to
> efficiently check for revoked certificates.
> Updating CRLs is one way but it's not exactly efficient.
A nice solution is the "tls-export" patch :
http://openvpn.net/archive/openvpn
