Hi Max,

I realize that HTTP may be "just enough" for CRL publishing. But LDAP and HTTPS are valid options too. And there are quite a few products that support both.

The "revocation loop" that you refer to in your previous mail may in fact be a problem for certain client applications, but it's hardly an issue for the OCSP daemon itself.

As for your concern on portability - the cURL library is highly portable (it's available for Linux, Solaris, FreeBSD, OS/2, MacOS, AIX and even Windows - check http://curl.haxx.se/download.html). It greatly simplifies your application code and is actively maintained. Another advantage of using it - it gives you full support of all HTTP features (e.g. authentication) as well as support for other protocols - e.g. FTP and FTPS. You may also use it for LDAP and LDAPS support (instead of directly interfacing with the OpenLDAP API) - though this is completely up to you.

Cheers,
Alex

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Massimiliano Pala
Sent: Tuesday, December 04, 2007 04:17
To: OpenCA Developers
Subject: Re: [OpenCA-Devel] HTTPS support for OCSPD

Hi Alex,

sorry for the delay in my answer. Indeed I have seen that you already sent the code to the list. I am actually in the process (well, I should start in the next few weeks) of porting the OCSPD to use LibPKI to simplify key management and hardware integration.

I am not sure if I want to integrate the cURL library usage in LibPKI to support HTTPS or code HTTPS support within the library directly (so that we do not add another required library which might not be available on all systems).

If you (in the general sense, all list) want to actually add the cURL package dependency, I could add it to the current OCSP code before starting to port the code to the new LibPKI - I am still not sure this is the direction I want to go, but I'd like to have an opinion from you guys.

Later,
Max

Alex Agranov wrote:
> Hi,
>
> I did a small change to the OCSPD v1.5.1rc1 source code that replaces the built-in HTTP
> protocol implementation with the cURL library. Major purpose for this change - support of
> HTTPS protocol as well as authentication support for HTTP. I checked the modified code
> in my environment and it seems to work nicely.
>
> Would anybody be interested in this change?
>
> Cheers,
> Alex Agranov

--
Best Regards,
Massimiliano Pala

Massimiliano Pala [OpenCA Project Manager]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept    Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063             Work Phone: +1 (603) 646-9179