Hi,
It seems certificateVerification="optionalNoCA" only works if the OCSP
is disabled.
<OpenSSLConf>
<OpenSSLConfCmd name="NO_OCSP_CHECK" value="true" />
</OpenSSLConf>
In <SSLHostConfig/>
Otherwise the OCSP check forces an error because it can't check anything...
How to "fix" that? Just document it? or return OK where we test
SSL_CVERIFY_OPTIONAL_NO_CA
(https://github.com/apache/tomcat-native/blob/main/native/src/sslutils.c#L337)?
--
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
