On Wed, Dec 12, 2012, Walter H. wrote:

> Hello,
> 
> when using
> 
> openssl ocsp ...
> 
> in a CGI script, you must use -noverify
> because without, this creates the line
> 
> Response verify OK
> 
> neither >/dev/null nor 2>&1 >file nor 2>&1 >/dev/null lets this line
> "disappear"
> 
> so this shoots either a 500 page or an invalid OCSP response is
> sent, which results in Firefox either in:
> 
> The OCSP server returned unexpected/invalid HTTP data.
> (Error code: sec_error_ocsp_bad_http_response)
> 
> or in:
> 
> The response from the OCSP server was corrupted or improperly formed.
> (Error code: sec_error_ocsp_malformed_response)
> 
> Wireshark was a good help to find out;
> 

My guess from that is you're using it as a responder: there isn't much
point in having it verify its own responses: what command line options are you
using?

Also that message is sent to stderr so you should be able to redirect it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
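
An added illustration, not part of the original thread: where the stderr status line ends up under different redirection orders in a CGI-style wrapper. `fake_ocsp` and `run_variant` are constructed stand-ins (assumptions), not a real `openssl ocsp` invocation; the stand-in writes response bytes to stdout and "Response verify OK" to stderr, as the reply above describes.

```shell
#!/bin/sh
# Constructed stand-in for the responder command: response bytes on stdout,
# the "Response verify OK" status line on stderr.
fake_ocsp() {
    printf 'DER-BYTES'
    echo 'Response verify OK' >&2
}

# run_variant NAME: runs one redirection form and prints "<client>|<file>",
# where <client> is what lands on the CGI's stdout (sent to the browser)
# and <file> is what lands in the response file.
run_variant() {
    f=$(mktemp) || return 1
    case $1 in
        # 2>&1 >file : stderr is pointed at the *current* stdout (the client)
        # before stdout is moved to the file, so the status line reaches the client.
        stderr_first) client=$(fake_ocsp 2>&1 >"$f") ;;
        # >file 2>&1 : both streams go to the file, so the status line
        # is appended to the response bytes stored there.
        stdout_first) client=$(fake_ocsp >"$f" 2>&1) ;;
        # >file 2>/dev/null : only stderr is discarded; the response stays clean.
        stderr_only)  client=$(fake_ocsp >"$f" 2>/dev/null) ;;
        *) rm -f "$f"; return 2 ;;
    esac
    printf '%s|%s\n' "$client" "$(cat "$f")"
    rm -f "$f"
}

# Show all three outcomes side by side.
for v in stderr_first stdout_first stderr_only; do
    printf '%-13s %s\n' "$v" "$(run_variant "$v")"
done
```

In a real responder script, sending stderr to a log file instead of `/dev/null` keeps genuine error messages available for troubleshooting.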
