Hi,

I'm considering using Let's Encrypt certificates for RadSec but those certificates are lacking CRL support. Only OCSP is defined (example crt attached):

Authority Information Access:
    OCSP - URI:http://ocsp.int-x1.letsencrypt.org/
    CA Issuers - URI:http://cert.int-x1.letsencrypt.org/

I've found a discussion from 2012 [1], and the main reason is no longer true. Net::SSLeay does support OCSP today [2].

For EAP-TLS the OCSP delay might be an issue, but for a RadSec connection it is not, I think. Please can you reconsider adding OCSP support?

Thanks
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/

[1] https://www.mail-archive.com/radiator@open.com.au/msg17748.html
[2] http://search.cpan.org/~mikem/Net-SSLeay-1.74/lib/Net/SSLeay.pod#Certificate_verification_and_Online_Status_Revocation_Protocol_(OCSP)


Attachment: example.cert
Description: application/pkix-cert

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
