Hi all,
Just a quick update.
Generally, things are moving forward nicely. OCSP protocol is working
(at a basic level) for:
- pure JSSE
- Tomcat Native / OpenSSL with JSSE trust
- Tomcat Native / OpenSSL with OpenSSL trust
- FFM / OpenSSL with JSSE trust
- FFM / OpenSSL with OpenSSL trust
I'm starting to look at aligning checks that JSSE and OpenSSL perform
and I am starting to reach the limits of what is possible with
pre-generated OCSP responses - particularly time based validation.
I think I am going to need to re-work the OCSP tests to use a "real"
OCSP responder. My plan is to use openssl (since it is required for
these tests anyway) and an expanded set of keys/certs we current use for
the other TLS tests.
We are starting to see dependencies on new Tomcat Native features so
some of the changes to 12.0.x will need to wait until the next Tomcat
Native release is available. I do plan to commit the changes I can as
soon as I am confident that they are stable.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
