Hi Anthony, the OCSP server hostname contained in an authorityInfoAccess extension is resolved by the http fetcher plugin (usually libcurl) into an IP address. Thus the DNS resolver process is outside the scope of strongSwan.
Regards Andreas On 18.12.2017 18:38, Modster, Anthony wrote:
Hello Andreas If the OCSP URI is included in the authorityInfoAccess extension: ? How does strongswan obtain the IP address ? Does it need to have a DNS client installed on the host ? Can it support secure DNS Thanks -----Original Message----- From: Users [mailto:[email protected]] On Behalf Of Andreas Steffen Sent: Saturday, December 16, 2017 2:23 AM To: Modster, Anthony <[email protected]>; [email protected] Subject: Re: [strongSwan] OSCP Hello Anthony, if the OCSP URI is not included via an authorityInfoAccess extension in the end entity certificate itself then an authority section defining an OCSP URI can be added to swanctl.conf as shown in the link below https://www.strongswan.net/testing/testresults/swanctl/ocsp-signer-cert/carol.swanctl.conf Regards Andreas On 16.12.2017 00:56, Modster, Anthony wrote:Hello ? how do we setup OSCP, when using VICI Is there a writeup for this item. ? what support tools are needed on the host Thanks
-- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[INS-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
