Mike Carroll wrote: > I've currently configured mod_nss-1.0.7 to replace mod_ssl in apache > 2.2.9 and there is a configuration paramater nss.conf, > NSSOCSPDefaultURL, where you can specfic the URL for an ocsp server. In > order to route traffic out-bound from the server we have to route all > http traffic through a proxy server. However, the documentation has > been vague on this point and looking at mod_ocsp.c doesn't give me a lot > of hope eaither (Although I am not a C coder). So my question is it > possible to route OCSP trafficfrom mod_nss through an http proxy server? > if so how? Unfortunately, no. Right now mod_nss relies on the built-in NSS OCSP client which is relatively feature-poor. I had worked on curl integration at one point long ago but never got it to to a point where I was satisfied with its quality. I can see about reviving this code, if I can find it, to see what state it is in, perhaps as an experimental feature. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080810/e8eb83cb/attachment.bin
