[Fedora-directory-users] mod_nss
Rob Crittenden
rcritten at redhat.com
Mon Aug 11 03:00:21 UTC 2008
Mike Carroll wrote:
> I've currently configured mod_nss-1.0.7 to replace mod_ssl in apache
> 2.2.9 and there is a configuration paramater nss.conf,
> NSSOCSPDefaultURL, where you can specfic the URL for an ocsp server. In
> order to route traffic out-bound from the server we have to route all
> http traffic through a proxy server. However, the documentation has
> been vague on this point and looking at mod_ocsp.c doesn't give me a lot
> of hope eaither (Although I am not a C coder). So my question is it
> possible to route OCSP trafficfrom mod_nss through an http proxy server?
> if so how?
Unfortunately, no.
Right now mod_nss relies on the built-in NSS OCSP client which is
relatively feature-poor. I had worked on curl integration at one point
long ago but never got it to to a point where I was satisfied with its
quality. I can see about reviving this code, if I can find it, to see
what state it is in, perhaps as an experimental feature.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080810/e8eb83cb/attachment.bin>
More information about the 389-users
mailing list