[openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

Viktor Dukhovni openssl-users at dukhovni.org
Mon Dec 3 20:40:09 UTC 2018


> On Dec 3, 2018, at 3:35 PM, Charles Mills <charlesm at mcn.org> wrote:
> 
> OCSP and OCSP stapling are currently higher on my wish list than this.

Good luck with OCSP, the documentation could definitely be better, and
various projects get it wrong.  IIRC curl gets OCSP right, so you
could look there for example code, some other projects go through the
motions, but don't always achieve a robust result.

[ FWIW, I don't care much for OCSP, it's often not required, so it is
  then not clear what security properties it provides. ]

-- 
	Viktor.



More information about the openssl-users mailing list