Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8413

Include the configured OCSP archive cutoff extension in all OCSP responses, not only for expired certs

    Details

    • Issue discovered during:
      Another issue
    • Sprint:
      EJBCA Team Alice - 2019 w31

      Description

      We currently include the OCSP archive cutoff extension in OCSP responses sent in response to requests for an expired certificate only.

      However, there is nothing in the RFC explicitly stating that it has to be this way. The RFC says: "OCSP servers that provide support for such a historical reference SHOULD include an archive cutoff date extension in [all?] responses."

      Update the documentation accordingly and write an upgrade note.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bastianf Bastian Fredriksson
              Reporter:
              bastianf Bastian Fredriksson
              Verified by:
              Tomas Gustavsson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3 hours
                  3h
                  Remaining:
                  Time Spent - 2 hours Remaining Estimate - 1 hour
                  1h
                  Logged:
                  Time Spent - 2 hours Remaining Estimate - 1 hour
                  2h