Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] OCSP stapling failure with letsencrypt
On 27/10/16 21:09, Renaud Allard wrote: > In openssl source, you can see that the call should be something like:
> OCSP_basic_verify(bs, verify_other, store, verify_flags);
That's overstating the case, "Can be". The question is, when is
is appropriate and safe from a security standpoint to verify
the OCSP proof using an alternate set-of-trust-anchors?