Add ocsp=3 configuration parameter for multi-OCSP
ocsp=3 extends ocsp=2 by require all not-trusted certificates in the server certificate chain to receive a good OCSP status. This requires support for ocsp_multi (RFC 6961). This commit is only adding the configuration value, but all the currently included TLS library wrappers are rejecting this as unsupported for now. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
02683830b5
commit
d6b536f7e5
6 changed files with 26 additions and 1 deletions
|
|
@ -3890,6 +3890,12 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|||
if (conn == NULL)
|
||||
return -1;
|
||||
|
||||
if (params->flags & TLS_CONN_REQUIRE_OCSP_ALL) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"OpenSSL: ocsp=3 not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* If the engine isn't explicitly configured, and any of the
|
||||
* cert/key fields are actually PKCS#11 URIs, then automatically
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue