https://bz.apache.org/bugzilla/show_bug.cgi?id=56148
--- Comment #22 from logo <pe...@kreuser.name> ---

@Chris: while this may be true for LE, I haven't read anything about terminating OCSP in browsers or any other CA.

For myself I use OCSP for my internal CA (SmallStep) and I'm far more comfortable with the online version than having to recreate CRLs myself and reload them manually in Tomcat. Beware CRLs in the regular CAs are not optimized and can still become painfully big.

Back to this issue, it's more or less about adapting native to the existing interface of OpenSSL. Do you think this is a big effort? Unfortunately I have no experience with JNI... but would be interested.

Just for the record: OpenSSL 3 manual: https://docs.openssl.org/3.5/man3/SSL_CTX_set_tlsext_status_cb/

My 2ct.

Peter