OCSP validation via AIA responders through a proxy

Olops, Daniel olopsd at amazon.com
Thu Apr 11 16:47:01 UTC 2019


Hello,

I'm finding conflicting information on whether OpenSSL can perform OCSP validation via AIA responders through a proxy. An open issue at GitHub suggests that this is an open feature request (https://github.com/openssl/openssl/issues/6965); however, I've seen people saying that a proxy can be specified when using "openssl ocsp" by passing "-host <proxy_host>:<proxy_port>" and "-path <OCSP_AIA_URL>". Which one is correct?

If context matters, this is about having support in stunnel for performing OCSP validation via AIA responders through a proxy. Currently it ignores any *_proxy variables, and consequently validation fails when there's no direct internet access. Research I've done so far suggests that the limitation lies in OpenSSL, not stunnel, hence this email.

Regards,

Daniel O.
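
The following is an added example, not part of the original message and not OpenSSL or stunnel code. It shows what the "-host <proxy_host>:<proxy_port>" plus "-path <OCSP_AIA_URL>" form quoted in the message corresponds to at the HTTP level: the TCP connection goes to the proxy and the request target becomes the full responder URL (absolute-form) instead of just the path. The host names, the proxy URL, the placeholder request bytes and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (not from the original message).
AIA_URL = "http://ocsp.example.test/status"
PROXY_URL = "http://proxy.internal.test:3128"
PLACEHOLDER_DER = b"\x30\x00"  # stand-in bytes, not a valid OCSPRequest


def ocsp_http_target(aia_url, proxy_url=None):
    """Return (connect_host, connect_port, request_target, host_header)."""
    aia = urlsplit(aia_url)
    if aia.scheme != "http" or not aia.hostname:
        raise ValueError("expected an http:// OCSP responder URL")
    port = aia.port or 80
    host_header = aia.hostname if port == 80 else f"{aia.hostname}:{port}"
    if proxy_url is None:
        # Direct: connect to the responder, send an origin-form target.
        target = (aia.path or "/") + (f"?{aia.query}" if aia.query else "")
        return aia.hostname, port, target, host_header
    proxy = urlsplit(proxy_url)
    if not proxy.hostname or proxy.port is None:
        raise ValueError("proxy URL must include host and port")
    # Proxied: connect to the proxy, send the absolute-form target (full URL).
    return proxy.hostname, proxy.port, aia_url, host_header


def host_path_args(aia_url, proxy_url=None):
    """The -host/-path pair in the form quoted in the message."""
    host, port, target, _ = ocsp_http_target(aia_url, proxy_url)
    return ["-host", f"{host}:{port}", "-path", target]


def build_ocsp_post(aia_url, der_request, proxy_url=None):
    """Return ((host, port) to connect to, raw HTTP request bytes)."""
    host, port, target, host_header = ocsp_http_target(aia_url, proxy_url)
    head = (
        f"POST {target} HTTP/1.1\r\n"
        f"Host: {host_header}\r\n"
        "Content-Type: application/ocsp-request\r\n"
        f"Content-Length: {len(der_request)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return (host, port), head.encode("ascii") + der_request


if __name__ == "__main__":
    print(host_path_args(AIA_URL, PROXY_URL))
    print(build_ocsp_post(AIA_URL, PLACEHOLDER_DER, PROXY_URL)[1].decode("latin-1"))
```
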



