[strongSwan] OSCP

Andreas Steffen andreas.steffen at strongswan.org
Tue Dec 19 09:56:28 CET 2017


Hi Anthony,

the OCSP server hostname contained in an authorityInfoAccess
extension is resolved by the http fetcher plugin (usually libcurl)
into an IP address. Thus the DNS resolver process is outside
the scope of strongSwan.

Regards

Andreas

On 18.12.2017 18:38, Modster, Anthony wrote:
> Hello Andreas
>
> If the OCSP URI is included in the authorityInfoAccess extension:
>
> ? How does strongswan obtain the IP address
>
> ? Does it need to have a DNS client installed on the host
>
> ? Can it support secure DNS
>
> Thanks
>
> -----Original Message-----
> From: Users [mailto:users-bounces at lists.strongswan.org] On Behalf Of Andreas Steffen
> Sent: Saturday, December 16, 2017 2:23 AM
> To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
> Subject: Re: [strongSwan] OSCP
>
> Hello Anthony,
>
> if the OCSP URI is not included via an authorityInfoAccess extension in
> the end entity certificate itself then an authority section defining an
> OCSP URI can be added to swanctl.conf as shown in the link below
>
>
> https://www.strongswan.net/testing/testresults/swanctl/ocsp-signer-cert/carol.swanctl.conf
>
> Regards
>
> Andreas
>
> On 16.12.2017 00:56, Modster, Anthony wrote:
>> Hello
>>
>>
>>
>> ? how do we setup OSCP, when using VICI
>>
>>
>>
>> Is there a writeup for this item.
>>
>>
>>
>> ? what support tools are needed on the host
>>
>>
>>
>> Thanks
>>
>>
>>
>

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4150 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171219/c88f04ab/attachment-0001.bin>


More information about the Users mailing list