FYI, I added support for certificate validation through OCSP, where the OCSP server URI is contained in the certificate itself (following the X.509 standard).
The patch is available on (for 2.0.49, but most of it is in separate files, thus it should be easy to add to 1.3).

The check is optional.
There is also a parameter to decide if the authentication fails or not when the server cannot be reached.

The code allows conditional compilation (full code enclosed in #ifdef).

This was developed for the Belgian Government and distributed publicly from January 2004. No bug has been reported since.

The code supports a proxy, although the option was not added in the config file.
Another option in the config file could be to use a specified URI in case it is not present in the certificate.

If you have any remarks about it, just send me an e-mail.

Marc Stern

CSC Computer Sciences Corporation Belgium
Security Solutions Group Manager / Network and System Architect

mobile: +32 (0)475 68 29 10    -    Phone: +32 (0)2 714 74 91
e-mail: [EMAIL PROTECTED]    -    fax: +32 (0)2 714 71 01
Hippokrateslaan,14   -   B-1932 Sint-Stevens-Woluwe   -  Belgium

This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
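The two behaviours described in the message above, taking the OCSP responder URI from the certificate and choosing whether an unreachable responder fails authentication, shown as an added example (not code from the patch). It parses a constructed AuthorityInfoAccess extension value without OpenSSL; the function names, the `fail_if_unreachable` flag and the example.test URIs are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: AuthorityInfoAccess value with a caIssuers and an OCSP entry. */
static const unsigned char SAMPLE_AIA[] = "\x30\x4d"
    "\x30\x25\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x02\x86\x19" "http://ca.example.test/ca"
    "\x30\x24\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x18" "http://ocsp.example.test";
/* DER encoding of OID 1.3.6.1.5.5.7.48.1 (id-ad-ocsp), tag and length included. */
static const unsigned char OCSP_OID[] = {6, 8, 0x2b, 6, 1, 5, 5, 7, 0x30, 1};

/* Parse one DER header; returns its size, or 0 if malformed or overrunning n. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char *tag, size_t *len) {
    size_t h = 2, l, k, i;
    if (n < 2) return 0;
    *tag = p[0]; l = p[1];
    if (l & 0x80) {                       /* long form: accept 1 or 2 length bytes */
        k = l & 0x7f;
        if (k == 0 || k > 2 || n < 2 + k) return 0;
        for (l = 0, i = 0; i < k; i++) l = (l << 8) | p[2 + i];
        h += k;
    }
    if (l > n - h) return 0;              /* content must fit in the buffer */
    *len = l;
    return h;
}

/* Return the first OCSP responder URI in the AIA value (not NUL-terminated), or NULL. */
const unsigned char *aia_ocsp_uri(const unsigned char *aia, size_t n, size_t *ulen) {
    unsigned char tag; size_t len, h;
    const unsigned char *p, *end, *gn, *next;
    if (!(h = der_hdr(aia, n, &tag, &len)) || tag != 0x30) return NULL;
    for (p = aia + h, end = p + len; p < end; p = next) {
        if (!(h = der_hdr(p, (size_t)(end - p), &tag, &len)) || tag != 0x30) return NULL;
        next = p + h + len;
        if (len <= sizeof OCSP_OID || memcmp(p + h, OCSP_OID, sizeof OCSP_OID)) continue;
        gn = p + h + sizeof OCSP_OID;
        h = der_hdr(gn, (size_t)(next - gn), &tag, &len);
        if (h && tag == 0x86) { *ulen = len; return gn + h; }   /* [6] = URI */
    }
    return NULL;
}

enum ocsp_status { OCSP_GOOD, OCSP_REVOKED, OCSP_UNREACHABLE };
/* 1 = accept the client certificate, 0 = reject; the flag name is hypothetical. */
int ocsp_accept(enum ocsp_status st, int fail_if_unreachable) {
    if (st == OCSP_UNREACHABLE) return !fail_if_unreachable;
    return st == OCSP_GOOD;
}
```

With the flag cleared, anyone able to block traffic to the responder gets a revoked certificate accepted, so that setting trades revocation enforcement for availability.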
