[openssl-users] Question on necessity of SSL_CTX_set_client_CA_list
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Dec 5 16:59:15 UTC 2018
> On Dec 5, 2018, at 4:49 AM, Jan Just Keijser <janjust at nikhef.nl> wrote:
>
> The only reason to use OCSP I currently have is in Firefox: if you turn off
> "Query OCSP responder servers" in Firefox then EV certificates will no longer
> show up with their owner/domain name.

IIRC Apple's Safari is ending support for EV, and some say that EV
has failed, and are not sorry to see it go.

> Now the question is: does Firefox get OCSP "right" ;) ?

Very likely yes. The Firefox TLS stack is maintained by experts.
[ Also, FWIW, Firefox uses the "nss" library, not OpenSSL. ]

--
Viktor.