Add ocsp=3 configuration parameter for multi-OCSP
ocsp=3 extends ocsp=2 by require all not-trusted certificates in the server certificate chain to receive a good OCSP status. This requires support for ocsp_multi (RFC 6961). This commit is only adding the configuration value, but all the currently included TLS library wrappers are rejecting this as unsupported for now. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
02683830b5
commit
d6b536f7e5
6 changed files with 26 additions and 1 deletions
|
|
@ -586,6 +586,8 @@ fast_reauth=1
|
|||
# 0 = do not use OCSP stapling (TLS certificate status extension)
|
||||
# 1 = try to use OCSP stapling, but not require response
|
||||
# 2 = require valid OCSP stapling response
|
||||
# 3 = require valid OCSP stapling response for all not-trusted
|
||||
# certificates in the server certificate chain
|
||||
#
|
||||
# sim_num: Identifier for which SIM to use in multi-SIM devices
|
||||
#
|
||||
|
|
@ -1084,6 +1086,8 @@ fast_reauth=1
|
|||
# 0 = do not use OCSP stapling (TLS certificate status extension)
|
||||
# 1 = try to use OCSP stapling, but not require response
|
||||
# 2 = require valid OCSP stapling response
|
||||
# 3 = require valid OCSP stapling response for all not-trusted
|
||||
# certificates in the server certificate chain
|
||||
#
|
||||
# openssl_ciphers: OpenSSL specific cipher configuration
|
||||
# This can be used to override the global openssl_ciphers configuration
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue