Should OpenConnect be doing OCSP? There's not a lot of point in people revoking all their certs after Heartbleed, if clients aren't actually *checking*, right?

I think we probably should, but.... it's going to make me sad, isn't it? I'm going to have to write hundreds of lines of code to do stuff that I might naïvely have hoped would have been happening for me automatically before I even thought about it?

--
dwmw2