FreeRadius - Add checkbox in the GUI to enable OCSP in the EAP module #4452

kubkpower opened this issue Jan 7, 2025 · 3 comments

@kubkpower

I'm using the Freeradius plugin to authenticate my VPN users (IPSec) with client certificates (EAP-TLS). The certificates are automatically provisioned on the client device via Microsoft Intune using the SCEP protocol. My PKI solution is SCEPMAN (community).

It works great, but my certificates use OCSP instead of CRL for revocation. I already made tests using a third-party Freeradius install and I know I just have to enable the OCSP check in the EAP module of Freeradius. But this option is not available in the plugin UI. Consequently my client certificates are never checked for revocation :(

Would it be possible to add a checkbox to enable the OCSP feature via the plugin UI?
And configuring the alternate OCSP path.

@mimugmail
Member

Which fields did you edit on eap? Just ocsp enable yes and the URL or something else in addition?

@OPNsense-bot

Thank you for creating an issue.
Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository,
please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

OPNsense-bot added the "incomplete" (Issue template missing info) label on Jan 7, 2025

@kubkpower
Author

> Which fields did you edit on eap? Just ocsp enable yes and the URL or something else in addition?

Yes, it would be great. Maybe just adding the "override_cert_url" checkbox (just in case) :)
Thank you very much!

    ocsp {
        enable = yes
        override_cert_url = yes
        url = "http://mypki/ocsp"
    }
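
A way to confirm that a generated EAP configuration really performs the OCSP check discussed in this thread, as an added example that is not part of the thread or of the plugin's code. The surrounding `eap { tls-config tls-common { ... } }` layout and the sample text are constructed, and `softfail` is a FreeRADIUS `ocsp` option that the thread does not mention.

```python
import re

def parse_sections(text):
    """Parse FreeRADIUS-style config text into {"a/b/c": {key: value}}."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' in values)
        if not line:
            continue
        opener = re.match(r"^([\w-]+)(?:\s+[\w-]+)?\s*\{$", line)
        setting = re.match(r"^([\w-]+)\s*=\s*(.*)$", line)
        if opener:  # "name {" or "name instance {"
            stack.append(opener.group(1))
            sections.setdefault("/".join(stack), {})
        elif line == "}" and stack:
            stack.pop()
        elif setting and stack:
            sections["/".join(stack)][setting.group(1)] = setting.group(2).strip('"')
    return sections

def audit_ocsp(text):
    """Return findings about OCSP revocation checking; an empty list means OK."""
    blocks = [v for k, v in parse_sections(text).items() if k.split("/")[-1] == "ocsp"]
    if not blocks:
        return ["no ocsp section: revocation is not checked via OCSP"]
    findings = []
    for ocsp in blocks:
        if ocsp.get("enable") != "yes":
            findings.append("ocsp enable is not yes: revocation is not checked via OCSP")
        elif ocsp.get("override_cert_url") == "yes" and not ocsp.get("url"):
            findings.append("override_cert_url = yes but url is empty")
        elif ocsp.get("softfail") == "yes":
            findings.append("softfail = yes: responder errors do not reject the certificate")
    return findings

# Constructed sample: the ocsp block from this thread inside an assumed eap layout.
ENABLED = """
eap {
    tls-config tls-common {
        ocsp {
            enable = yes
            override_cert_url = yes
            url = "http://mypki/ocsp"
        }
    }
}
"""
DISABLED = ENABLED.replace("enable = yes", "enable = no")

if __name__ == "__main__":
    for name, cfg in (("enabled", ENABLED), ("disabled", DISABLED)):
        print(name, audit_ocsp(cfg) or "OK")
```

Run it against the EAP module file the plugin writes to check that a UI change actually reaches the running configuration.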
