You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Thijs Kinkhorst <th...@surfnet.nl> on 2017/01/02 13:17:26 UTC
Configuration of trusted OCSP responder certificates
Hi devs,
I'd like to enquire about the possibilities to merge the patch to
support configuring trusted OCSP responder certificates.
We need this change in order to be able to use OCSP with client
certificate authentication.
The patch is in
https://bz.apache.org/bugzilla/show_bug.cgi?id=46037
for a few years now and there have been several reports of it working
without problems; we're also running it for a few years and it works
fine for us.
What can we do to get this merged?
Cheers,
Thijs Kinkhorst
SURFnet bv
Re: Configuration of trusted OCSP responder certificates
Posted by Yann Ylavic <yl...@gmail.com>.
On Mon, Feb 6, 2017 at 12:09 PM, Yann Ylavic <yl...@gmail.com> wrote:
> On Mon, Feb 6, 2017 at 11:28 AM, Thijs Kinkhorst
> <th...@surfnet.nl> wrote:
>> On 02-01-17 14:17, Thijs Kinkhorst wrote:
>>> I'd like to enquire about the possibilities to merge the patch to
>>> support configuring trusted OCSP responder certificates.
>>>
>>> We need this change in order to be able to use OCSP with client
>>> certificate authentication.
>>>
>>> The patch is in
>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=46037
>>> for a few years now and there have been several reports of it working
>>> without problems; we're also running it for a few years and it works
>>> fine for us.
>>
>> Is there anyone who can help me with this? Anything we can do?
>
> The patch was committed[1], and is being reviewed (possibly proposed
> for backport to 2.4.x soon).
>
>
> Regards,
> Yann.
>
> [1] http://svn.apache.org/viewvc?r1781575
Sorry, bad link: http://svn.apache.org/r1781575
Re: Configuration of trusted OCSP responder certificates
Posted by Thijs Kinkhorst <th...@surfnet.nl>.
On 06-02-17 12:09, Yann Ylavic wrote:
>> Is there anyone who can help me with this? Anything we can do?
> The patch was committed[1], and is being reviewed (possibly proposed
> for backport to 2.4.x soon).
Great news, I missed that recent change, thanks!
Cheers,
Thijs
Re: Configuration of trusted OCSP responder certificates
Posted by Yann Ylavic <yl...@gmail.com>.
On Mon, Feb 6, 2017 at 11:28 AM, Thijs Kinkhorst
<th...@surfnet.nl> wrote:
> On 02-01-17 14:17, Thijs Kinkhorst wrote:
>> I'd like to enquire about the possibilities to merge the patch to
>> support configuring trusted OCSP responder certificates.
>>
>> We need this change in order to be able to use OCSP with client
>> certificate authentication.
>>
>> The patch is in
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=46037
>> for a few years now and there have been several reports of it working
>> without problems; we're also running it for a few years and it works
>> fine for us.
>
> Is there anyone who can help me with this? Anything we can do?
The patch was committed[1], and is being reviewed (possibly proposed
for backport to 2.4.x soon).
Regards,
Yann.
[1] http://svn.apache.org/viewvc?r1781575
Re: Configuration of trusted OCSP responder certificates
Posted by Thijs Kinkhorst <th...@surfnet.nl>.
On 02-01-17 14:17, Thijs Kinkhorst wrote:
> I'd like to enquire about the possibilities to merge the patch to
> support configuring trusted OCSP responder certificates.
>
> We need this change in order to be able to use OCSP with client
> certificate authentication.
>
> The patch is in
> https://bz.apache.org/bugzilla/show_bug.cgi?id=46037
> for a few years now and there have been several reports of it working
> without problems; we're also running it for a few years and it works
> fine for us.
Is there anyone who can help me with this? Anything we can do?
Thanks,
Thijs