OCSP validation via AIA responders through a proxy


OpenSSL - User mailing list
Hello,

I'm finding conflicting information on whether OpenSSL can perform OCSP validation via AIA responders through a proxy. An open issue on GitHub suggests that this is an open feature request (https://github.com/openssl/openssl/issues/6965); however, I've seen people saying that a proxy can be specified when using "openssl ocsp" by passing "-host <proxy_host>:<proxy_port>" and "-path <OCSP_AIA_URL>". Which one is correct?

If context matters, this is about having support in stunnel for performing OCSP validation via AIA responders through a proxy. Currently it ignores any *_proxy variables, and consequently validation fails when there's no direct internet access. Research I've done so far suggests that the limitation lies in OpenSSL, not stunnel, hence this email.

Regards,

Daniel O.



