Bug ID: 2350
Summary: OCSP Problem for outgoing mails
when I use OCSP-Must-Stable certificates with
the OID setting:
for the CSR to get a certificate, I must use later use
If I have not got a valid tls_ocsp_file than the stapling fails and an
increasing amount of mailclients can't connect to the SMTP port, because of
failing TLS verification.
So there is no problem for the incoming way (if you take care of having a valid
staple-file), but what happens when I connect to another SMTP Server and I am
requested to show my certificate?
In the remote_smtp transport section, I am not able to enable stapling.
option "tls_ocsp_file" unknown
So, I show an OCSP-Must-Staple Certificate, but the OCSP stapled part is
missing. In a way I show an invalid cert.
Actually it didn't show any problem, but that could change fast, during the
increasing deployment of safer TLS implementations.
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists: