https://issues.apache.org/bugzilla/show_bug.cgi?id=56233
--- Comment #8 from Kaspar Brand <[email protected]> --- (In reply to Yann Ylavic from comment #7) > However I'm wondering if calling OCSP_check_nonce() is still necessary when > the nonce is disabled. Could we simply bypass the call in this case? Yes, that's what I was trying to say in comment 5, actually. First, an OCSP response shouldn't include a nonce if the request didn't have one, and second, even in the (pathological) case where it includes an "unsolicited" nonce (which would be complete nonsense), it's best to simply skip this check. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
