Could this be the reason I am having difficulty getting other applications such as stunnel to use the certificate's AIA? To rephrase the question, does this code belong within openssl or is the something that an application has to do? I am not that familar with the openssl API.
On that note, is there any documentation on the API for using OCSP? I have an client that is using libopenssl to establish a TLS connection and I would like it to send OCSP requests to the OCSP responders listed in the certificate's AIA. Thanks, Bruce On 10/29/07, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > > On Mon, Oct 29, 2007, Bruce Keats wrote: > > > Hi, > > > > I have been trying for a couple of days now to test an OCSP responder, > but I > > am having problems getting the openssl OCSP client to send the OCSP > requests > > to the OCSP responder listed in the certificate's AIA. If I use the > -url > > option with openssl ocsp command, then it will generate the OCSP > request, > > send the request to the URI and decode and print the results. Here is a > > sample command: > > > > openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/bruce-cert.pem -text > > -CAfile /tmp/cacert.pem -url http://192.168.0.185:80 > > > > This works! > > > > I would have thought that if I remove the -url option from the command > then > > openssl would send the OCSP request to the list of OCSP responders in > the > > Authority Information Access (AIA) extension. Well, it does > not. Instead > > it just prints out the request and exits. I have tried various options > > without success. I have read the man page many times and did some > google > > searches without finding anything that works. I am sure I am > overlooking > > the obvious. > > > > Well the obvious in this case is that that functionality is not currently > supported. It will be added at some point though. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
