Am 14.10.2018 um 22:58 schrieb William A Rowe Jr:
On Sun, Oct 14, 2018 at 3:50 PM Rainer Jung <rainer.j...@kippdata.de
<mailto:rainer.j...@kippdata.de>> wrote:
And Jim already set "With 1.1.1, both return 1, but so what, we know
that it has oscp."
That, of course, is nonsense.
OpenSSL is malleable... with numerous no-{feature} choice, we really
shouldn't
presume presence of features by OpenSSL version. Otherwise, why wouldn't
we simply use a regex against `openssl version`?
Agreed, looking at the code it seems that starting with 1.1.0 (I only
checked 1.1.0i) ocsp can be disabled with no-ocsp.
Regards,
Rainer