On 3 January 2015 at 21:45, Walter H. <walte...@mathemainzel.info> wrote:
> On 03.01.2015 18:16, Richard Moore wrote: > > I've now got this working, though to do so I seem to have to take the > certificates supplied in the OCSP response directly out of the certs field > of the OCSP_BASICRESP and add these as intermediates for the verification > too. It feels bad to directly access the internals of this struct but there > doesn't seem to be another way (unless someone can enlighten me). > > Cheers > > Rich. > > the certificate you want to test its validity with OCSP has the same > intermediate CA cert. as the OCSP responder certificate you use in OCSP > response > Simply specifying the intermediates from the certificate chain of the server doesn't appear to actually work - that's what I tried first. Sadly I've not seen any documentation or examples of how to use this part of openssl. Cheers Rich.
_______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
