Those darned customers are asking for it! I do understand the privacy exposure. Don't know if the customers do or do not. Charles -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Viktor Dukhovni Sent: Monday, December 3, 2018 12:40 PM To: openssl-users@xxxxxxxxxxx Subject: Re: Question on necessity of SSL_CTX_set_client_CA_list > On Dec 3, 2018, at 3:35 PM, Charles Mills <charlesm@xxxxxxx> wrote: > > OCSP and OCSP stapling are currently higher on my wish list than this. Good luck with OCSP, the documentation could definitely be better, and various projects get it wrong. IIRC curl gets OCSP right, so you could look there for example code, some other projects go through the motions, but don't always achieve a robust result. [ FWIW, I don't care much for OCSP, it's often not required, so it is then not clear what security properties it provides. ] -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
