summaryrefslogtreecommitdiff
path: root/test/stdout/0546
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2013-03-24 21:49:12 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2013-03-25 22:42:48 +0000
commitf5d786885721c374cc22a1f1311ca01408a496fd (patch)
tree528ec5ecb56fc077445855d16014bc9a9c86d967 /test/stdout/0546
parent26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (diff)
OCSP-stapling enhancement and testing.
Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status.
Diffstat (limited to 'test/stdout/0546')
0 files changed, 0 insertions, 0 deletions