Changeset e932ba5 in mod_gnutls for test/authority/ocsp-responder

Timestamp:
Apr 4, 2020, 11:55:25 AM (18 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master, proxy-ticket
Children:
87d7f89
Parents:
ca0690b
Message:

Do not enforce OCSP nonces by default

The reason for this change is that in practice most public CAs do not
support OCSP nonces, which is permitted by both RFC 6960 and the
CA/Browser Forum baseline requirements. In this situation enforcing
correct nonces by default makes the automatic OCSP stapling support
mostly useless, so I'm changing the default.

(No files)

Note: See TracChangeset for help on using the changeset viewer.