Hi,

Just saw some weirdness in OCSP response encodings with a nonce extension.

The OCSP response has this for the extensions:
A1 1E
30 1C
30 1A
06 09 2B 06 01 05 05 07 30 01 02
01 01 00 <-----------------------
04 0A 04 08 A5 10 18 67 E5 A4 8B 2C 

The second last item is the 'false' (00) for the 'critical' field. 
'false' is the default value (rfc 3280) so should not appear in a DER 
encoding.

Here is another OCSP response extension and this is how it should be for 
DER:

A1 1B
30 19 
30 17 
06 09 2B 06 01 05 05 07 30 01 02 
04 0A 04 08 D4 4C 29 A8 C6 1A 16 56 

The 'false' is not there.

Note that afaik both were produced by the same version of OpenSSL but at 
different times. I haven't been able to reproduce the one containing the 
'false' and since I can't reproduce a response like this, and the most 
recent one I produced was OK I'm not 100% sure what is going on.

I only noticed this because my validator used to accept the first 
response, now it rejects it. It reencodes the resp to DER, before checking 
the sig. RFC 2560 says the "signature SHALL be computed on the hash of the 
DER encoding...". The error I get is a bad signature.

The entire ocsp response is attached.

Simon McMahon

Attachment: eeoknonce_x.orsp
Description: Binary data
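The following is an added example, not code from the message or from OpenSSL. It parses the two extension blocks quoted above (embedded as constructed sample bytes), reports the DER violation in the first one (an explicitly encoded `critical FALSE`, which X.690 says must be omitted because it is the DEFAULT value), and then re-encodes each block in strict DER the way a canonicalising validator would. The re-encoded first block comes out three bytes shorter than what was signed, which is exactly why a validator that hashes its own DER re-encoding reports a bad signature on a response that was signed over the BER-ish bytes. Function names (`check_extensions`, `to_der`) are this example's own.

```python
"""Check an OCSP ResponseData extensions block ([1] EXPLICIT Extensions) for
DER violations and re-encode it in strict DER. Added illustration; not
OpenSSL's code."""

# Constructed from the two hex dumps in the message.
BAD_EXTS = bytes.fromhex(
    "A11E301C301A06092B0601050507300102"
    "010100"                    # critical BOOLEAN FALSE, explicitly encoded
    "040A0408A5101867E5A48B2C"  # extnValue: OCTET STRING wrapping the nonce
)
GOOD_EXTS = bytes.fromhex(
    "A11B3019301706092B0601050507300102"
    "040A0408D44C29A8C61A1656"
)

ID_PKIX_OCSP_NONCE = "1.3.6.1.5.5.7.48.1.2"


def read_tlv(buf, pos):
    """Parse one TLV at buf[pos] (single-byte tags suffice for extensions).
    Returns (tag, value bytes, position after the TLV)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or (n > 1 and buf[pos] == 0):
            raise ValueError("non-minimal long-form length is not DER")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value, pos + length


def decode_oid(value):
    """Decode OBJECT IDENTIFIER content octets to dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def check_extensions(blob):
    """Walk [1] EXPLICIT SEQUENCE OF Extension; return a list of
    (oid, critical, finding) where finding is None for clean DER."""
    tag, exts_seq, end = read_tlv(blob, 0)
    if tag != 0xA1 or end != len(blob):
        raise ValueError("expected a single [1] EXPLICIT wrapper")
    tag, inner, _ = read_tlv(exts_seq, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    results, pos = [], 0
    while pos < len(inner):
        tag, ext, pos = read_tlv(inner, pos)
        if tag != 0x30:
            raise ValueError("Extension must be a SEQUENCE")
        tag, oid_bytes, p = read_tlv(ext, 0)
        if tag != 0x06:
            raise ValueError("extnID must be an OBJECT IDENTIFIER")
        oid, critical, finding = decode_oid(oid_bytes), False, None
        tag, val, p = read_tlv(ext, p)
        if tag == 0x01:  # optional 'critical' BOOLEAN is present
            if val == b"\x00":
                finding = ("critical FALSE encoded explicitly; DEFAULT values "
                           "must be omitted in DER (X.690 11.5)")
            elif val != b"\xff":
                finding = "BOOLEAN TRUE must be encoded as FF in DER (X.690 11.1)"
            critical = val != b"\x00"
            tag, val, p = read_tlv(ext, p)
        if tag != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        results.append((oid, critical, finding))
    return results


def encode_tlv(tag, value):
    """Encode a TLV with a minimal (DER) length field."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def to_der(blob):
    """Re-encode the extensions block in strict DER: drop an explicit
    'critical FALSE' and normalise TRUE to FF. This is the step a
    DER-canonicalising validator performs before hashing."""
    _, exts_seq, _ = read_tlv(blob, 0)
    _, inner, _ = read_tlv(exts_seq, 0)
    out, pos = b"", 0
    while pos < len(inner):
        _, ext, pos = read_tlv(inner, pos)
        _, oid_bytes, p = read_tlv(ext, 0)
        fields = encode_tlv(0x06, oid_bytes)
        t, val, p = read_tlv(ext, p)
        if t == 0x01:
            if val != b"\x00":
                fields += encode_tlv(0x01, b"\xff")
            t, val, p = read_tlv(ext, p)
        fields += encode_tlv(0x04, val)
        out += encode_tlv(0x30, fields)
    return encode_tlv(0xA1, encode_tlv(0x30, out))


if __name__ == "__main__":
    for name, blob in (("first", BAD_EXTS), ("second", GOOD_EXTS)):
        print(name, check_extensions(blob))
        print("  signed bytes:", blob.hex().upper())
        print("  DER re-encoded:", to_der(blob).hex().upper())
```

Running it shows the first block flagged for the explicit `01 01 00` and its DER re-encoding shrinking to the shape of the second block; the second block re-encodes to itself. A validator that verifies the signature over the bytes as received (BER-tolerant) would accept both, whereas one that hashes its own DER re-encoding, as RFC 2560 arguably permits, will reject the first.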
