Mike Carroll wrote:
I've currently configured mod_nss-1.0.7 to replace mod_ssl in
2.2.9 and there is a configuration paramater nss.conf,
NSSOCSPDefaultURL, where you can specfic the URL for an ocsp server. In
order to route traffic out-bound from the server we have to route all
http traffic through a proxy server. However, the documentation has
been vague on this point and looking at mod_ocsp.c doesn't give me a lot
of hope eaither (Although I am not a C coder). So my question is it
possible to route OCSP trafficfrom mod_nss through an http proxy server?
if so how?
Right now mod_nss relies on the built-in NSS OCSP client which is
relatively feature-poor. I had worked on curl integration at one point
long ago but never got it to to a point where I was satisfied with its
quality. I can see about reviving this code, if I can find it, to see
what state it is in, perhaps as an experimental feature.