Mike Carroll wrote:
I've currently configured mod_nss-1.0.7 to replace mod_ssl in apache 2.2.9 and there is a configuration paramater nss.conf, NSSOCSPDefaultURL, where you can specfic the URL for an ocsp server. In order to route traffic out-bound from the server we have to route all http traffic through a proxy server. However, the documentation has been vague on this point and looking at mod_ocsp.c doesn't give me a lot of hope eaither (Although I am not a C coder). So my question is it possible to route OCSP trafficfrom mod_nss through an http proxy server? if so how?
Unfortunately, no.Right now mod_nss relies on the built-in NSS OCSP client which is relatively feature-poor. I had worked on curl integration at one point long ago but never got it to to a point where I was satisfied with its quality. I can see about reviving this code, if I can find it, to see what state it is in, perhaps as an experimental feature.
rob
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
