Yes, this does work well

 openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text -url http://127.0.0.1:8082

and returns good, though there is a verify failure.

Response Verify Failure
140735283018172:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:126:Verify error:unable to get local issuer certificate
*0x1000: good*


*I was looking at the OCSP Request Name Hash*

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: *D56D19422F523984CFB9477E7D39A8176AE3811C*
          Issuer Key Hash: B635A8057B0598DB0D9F2A638D35A93F22A2CCD2
          Serial Number: 1000
    Request Extensions:
        OCSP Nonce: 
            0410CEEB26E6D775149E60C138F4F6D2FB14


*compared to the command*
openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text 

*And they were the same, but the HASH KEY is not, I see*

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: *D56D19422F523984CFB9477E7D39A8176AE3811C*
          Issuer Key Hash: 8298F2E699A9E615F3925B560B97BD0D673957D9
          Serial Number: 1000
    Request Extensions:
        OCSP Nonce: 
            04102955DD7E36BF62D91248E67CE0C0B172

*So you're saying that the program has a bug for creating the OCSP request?
But wouldn't you think if the Name Hash is the same the Key Hash would be
also?*





--
View this message in context: 
http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45870.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
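
How the two CertID hashes in the dumps above are derived, as an added example that is not part of the original post or of OpenSSL: per RFC 6960, the Issuer Name Hash covers the DER-encoded issuer name, while the Issuer Key Hash covers only the issuer's public key bits (BIT STRING content without tag, length and unused-bits byte), so the two fields vary independently. The helper names, the CA name and the key bytes are constructed for illustration.

```python
import hashlib

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite short- or long-form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, content, next_offset) for the TLV starting at off."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + n], off + n

def name_der(common_name: str) -> bytes:
    """Name with one RDN, CN=<common_name> (OID 2.5.4.3, UTF8String)."""
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, common_name.encode()))
    return der(0x30, der(0x31, atv))

def spki_der(key_bytes: bytes) -> bytes:
    """SubjectPublicKeyInfo: rsaEncryption AlgorithmIdentifier + BIT STRING."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    return der(0x30, alg + der(0x03, b"\x00" + key_bytes))  # 0 unused bits

def cert_id(issuer_name: bytes, issuer_spki: bytes, serial: int) -> dict:
    """Compute the SHA-1 CertID fields as they appear in an OCSP request."""
    _, body, _ = read_tlv(issuer_spki)
    _, _, off = read_tlv(body)               # skip AlgorithmIdentifier
    tag, bits, _ = read_tlv(body, off)       # subjectPublicKey BIT STRING
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("expected BIT STRING with 0 unused bits")
    return {
        "issuerNameHash": hashlib.sha1(issuer_name).hexdigest().upper(),
        "issuerKeyHash": hashlib.sha1(bits[1:]).hexdigest().upper(),
        "serialNumber": format(serial, "X"),
    }

def demo():
    # Constructed inputs: one subject name, two different (fake) key values.
    name = name_der("Constructed Demo CA")
    old = cert_id(name, spki_der(b"\x01" * 270), 0x1000)
    new = cert_id(name, spki_der(b"\x02" * 270), 0x1000)
    return old, new
```

Calling `demo()` returns two CertIDs with identical `issuerNameHash` and `serialNumber` values but different `issuerKeyHash` values.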