It can happen that polling takes quite some time (say, a week) before the final response arrives.
During this time, CRLs specified in the CMP and SSL contexts may expire and should be refreshed in order to support meaningful TLS session renegotiation (if applicable) and cert checking at CMP level.
Moreover, at least CRLs held in these contexts can be quite large and use hundreds of kB of memory, which may be a problem on constrained devices, so it would be nice if they could be released while waiting for the next poll cycle.
To solve these issues, it would be good to release CRLs every time a "waiting" response has been received where the "checkAfter" period is longer than a configurable time, and to fetch them again when doing the next poll request.
Moreover, the device/system/application doing the CMP request might get restarted in the meantime, so it would be nice if a resumption of the pending cert request activity was possible, which requires persistent storage of status data like the type of request, request ID, transaction ID, and sender nonce.
Reported by: DDvO
Original Ticket: cmpforopenssl/feature-requests/31
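The two ideas requested above, as an added example that is not part of the original ticket or of the cmpforopenssl code: a threshold check on "checkAfter", and a state record that is written before the wait and validated when read back after a restart. All names (`pending_state`, `save_state`, `load_state`, `should_release_crls`, `STATE_MAGIC`) and the 16-byte ID length are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATE_MAGIC 0x434D5053u /* "CMPS": constructed marker for this example */
#define ID_LEN 16               /* assumed 128-bit transactionID and senderNonce */

/* Hypothetical record of the status data the ticket lists; no padding bytes. */
struct pending_state {
    uint32_t magic;
    int32_t req_type;     /* type of the original request */
    int32_t cert_req_id;  /* request ID */
    unsigned char transaction_id[ID_LEN];
    unsigned char sender_nonce[ID_LEN];
};

/* Release CRLs only when the announced wait (seconds) exceeds the threshold. */
int should_release_crls(long check_after, long threshold)
{
    return check_after > threshold;
}

/* Write the record in native byte order; it is read back on the same device. */
int save_state(const char *path, const struct pending_state *st)
{
    struct pending_state out = *st;
    FILE *f = fopen(path, "wb");
    int ok;
    if (f == NULL) return 0;
    out.magic = STATE_MAGIC;
    ok = fwrite(&out, sizeof out, 1, f) == 1;
    return fclose(f) == 0 && ok;
}

/* Accept only a file of exactly one record with the expected marker. */
int load_state(const char *path, struct pending_state *st)
{
    struct pending_state in;
    FILE *f = fopen(path, "rb");
    int ok;
    if (f == NULL) return 0;
    ok = fread(&in, sizeof in, 1, f) == 1 && fgetc(f) == EOF;
    fclose(f);
    if (!ok || in.magic != STATE_MAGIC) return 0;
    *st = in;
    return 1;
}
```

A truncated or foreign file makes `load_state` return 0, in which case the caller has no pending transaction to resume.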