Issac Goldstand wrote: > > OK... I think I get it... Now, the openssl site mentions an ocsp > command for openssl, which I would assume would enable it to launch an > ocsp response server. Firstly, I have openssl-0.9.6c-engine, and yet > cannot find ocsp by me? Is it part of the planned 0.9.7? If so, is > there a stable-looking release that includes it? Can anyone give me the > basic basics on how it is meant to be used, and if it will work with the > index.txt file mainained by openssl's "mini-ca" ca command? > > Thanks for all the help, you guys are great! > Issac >
It is part of 0.9.7. There is a test reponder supported by the 'openssl' command of 0.9.7 which can indeed read status information from the index.txt file. However its only useful for test purposes in its current form, for example it will only accept one incoming connection. It would be possible to use it for more serious applications by wrapping it in a CGI script from a webserver though. It wont work well under heavy load or for a large number of certificates though. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
