[stunnel-users] OCSP Responders in AIA extension

Michal Trojnara Michal.Trojnara at mirt.net
Tue Jan 21 23:58:41 CET 2014


Hi Ender,

The AIA extension is indeed currently ignored by stunnel.
This feature is on my TODO list.  I hope to find time to implement it.
I cannot just apply the patch, as it doesn't have a license.  I also
don't accept copyleft (e.g. GPL) patches.

The configuration you described seems to be correct.

Mike

On 2014-01-20 14:22, Ender Erel wrote:
>
> I am sorry, it seems I forgot the link to the e-mail I mentioned.
>
> https://www.stunnel.org/pipermail/stunnel-users/2008-July/002068.html
>
> Any ideas?
>
> Regards,
>
> Ender Erel
>
> *From:*stunnel-users [mailto:stunnel-users-bounces at stunnel.org] *On
> Behalf Of *Ender Erel
> *Sent:* Friday, January 17, 2014 3:31 PM
> *To:* stunnel-users at stunnel.org
> *Subject:* [stunnel-users] OCSP Responders in AIA extension
>
> Hi All,
>
> Does stunnel check the OCSP responders found in a certificate's AIA
> field? I am asking this because in the following e-mail from back in
> 2008, the sender mentions a patch that implements this functionality.
> The patch is included with the mail but I don't think it is included
> in the later versions of stunnel. Does this mean OCSP responders
> inside a received certificate are ignored?
>
> I also want to ask another thing. When using verify = 3 in client
> mode, which file is used to check the received certificate? Is it the
> CAfile?
>
> If so, would it work like this:
>
> - I manually opened a connection to a server outside stunnel,
>   downloaded the server's certificate, and closed the connection.
>
> - I saved this certificate to a file, and wrote the path of
>   this file in the stunnel configuration file (CAfile =
>   /mycerts/tmpcert.pem,verify=3).
>
> - I started stunnel and initiated a connection to the server.
>
> Would the connection be successful? Would it be the right way to use
> verify=3?
>
> Kind Regards,
>
> Ender Erel
>

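The client-mode setup discussed in this thread, written out as a complete configuration file. This is an added example, not part of the original messages and not taken from the stunnel distribution; the service name, listening port, server host and OCSP URL are assumptions, and only the CAfile path comes from the question.

```ini
; Added example: client-mode stunnel.conf for the setup described in the thread.
; Service name, ports and host are hypothetical.
client = yes

[pinned-service]
accept  = 127.0.0.1:8443
connect = server.example.com:443

; verify = 3: the peer certificate must match a certificate installed
; locally in CAfile, so the saved server certificate acts as a pin.
verify = 3
CAfile = /mycerts/tmpcert.pem

; The AIA extension is ignored (see the reply above), so a responder is
; consulted only when one is named explicitly. Placeholder URL; check the
; OCSP option in the stunnel manual for the form your version accepts.
;OCSP = http://ocsp.example.com/
```

The pin is only as trustworthy as the connection the certificate was first downloaded over, so compare the saved file's fingerprint with one obtained from the server operator before relying on it.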