While I have only skimmed the patch so far and need more review before I can
comment on it, I do have a question on the expected use of OCSP support in
postgres. With OCSP becoming optional [0], and big providers like Let's
Encrypt deprecating OCSP [1], is this mainly targeting organizations running
their own CA with in-house OCSP?
--
Daniel Gustafsson
[0] https://lists.cabforum.org/pipermail/servercert-wg/2023-September/003998.html
[1] https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html