On Thu, Nov 9, 2017 at 1:45 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> Coty,
>
> On 11/9/17 12:19 PM, Coty Sutherland wrote:
>> Hi,
>>
>> I'm trying to determine whether or not we fully support OCSP in
>> tomcat-native 1.2.x on Linux. There isn't any documentation about
>> it other than some on the Downloads page that says it's
>> experimental on Windows:
>>
>> "The Windows binaries are available in two variants. a) Default.
>> This is what people usually use. This version of library is
>> included in Apache Tomcat distributions. b) OCSP-enabled. This one
>> has enabled (experimental) support for verification of client SSL
>> certificates via OCSP protocol (45392)."
>>
>> I see that it's enabled by default when building Linux, but for
>> Windows you have to enable it in the build.
>>
>> Can anyone help me out here?
>
> Without reading anything at all (from memory), I believe it all has to
> do with how OpenSSL itself was built.
>
> The reason we are mum on *NIX is because the consumer is expected to
> provide their own OpenSSL library, while the Windows build comes from
> us with a statically-linked OpenSSL (with or without OCSP compiled-in).

So technically all OCSP support is considered experimental then (since we consider OCSP support in Windows experimental where we know that openssl supports it)? It isn't just a pass through to openssl, the call to the OCSP server (for example) happens inside of tomcat-native. I have a user complaining about the fact that there's no logging in those functions, so I plan to eventually add some, but I wanted to make sure we are confident that it works correctly first :)

> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org