serf-dev mailing list archives

From Branko Čibej <br...@apache.org>
Subject Re: svn commit: r1773567 - in /serf/branches/ocsp-verification: BRANCH-README serf.h serf_bucket_types.h src/context.c
Date Sun, 11 Dec 2016 15:14:26 GMT
On 11.12.2016 15:57, Branko Čibej wrote:
> The caller would send the nonce into serf_ssl_ocsp_request_verify() to
> check that the response contains the same nonce. The nonce is optional
> in the OCSP request, but can be used for avoiding replay attacks.
> Apparently some OCSP responders do not handle requests with nonces, so
> we can't just implicitly include one. Other than that, OpenSSL can

... generate a random nonce using its internal random generator, which I
tend to presume is, all things being equal, appropriate for use in
crypto applications.

-- Brane
