On Mon, Nov 08, 2004, Thilo Stäbler wrote: > hi! > i would like to know, why I need a issuer certificate when querying an > ocsp server for certificate validation?
Because the query format in the OCSP standards requires three pieces of information: 1. The hash of the issuer name in the certificate being checked. 2. The hash of the public key of the issuer certificate. 3. The serial number of the certificate being checked. For #2 you need the issuer certificate. This is defined in RFC2560 4.1.1. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
