[Bug 67061] SSLVerifyClient="optionalNoCA" still not doing what it should

bugzilla Tue, 26 Sep 2023 03:43:52 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=67061


--- Comment #2 from Mark Thomas <ma...@apache.org> ---
You need to disable OCSP else optionalNoCA will always fail. Nest the following
in your SSLHostConfig element in server.xml

<OpenSSLConf>
    <OpenSSLConfCmd name="NO_OCSP_CHECK" value="true"/>
</OpenSSLConf>

Tomcat Native should probably (just confirming that with a discussion on the
dev@ list) do this automatically.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 67061] SSLVerifyClient="optionalNoCA" still not doing what it should

Reply via email to