Re: OCSP response signature algorithm

2020-07-09 Thread John Jiang
o use SHA1withRSA signature algorithm > if the certificate is signed by this algorithm? > > [1] https://tools.ietf.org/html/rfc6960#section-4.4.7.2 > > On Sat, Jul 4, 2020 at 12:18 AM John Jiang > wrote: > >> Hi, >> I'm using OpenSSL 1.1.1. >> >> Can I c

Re: OCSP response signature algorithm

2020-07-05 Thread John Jiang
, Jul 4, 2020 at 12:18 AM John Jiang wrote: > Hi, > I'm using OpenSSL 1.1.1. > > Can I configure the OCSP response signature algorithm? > For a RSA issuer, it looks SHA256withRSA always be selected. > > PreferredSignatureAlgorithms extension in OCSP request may affect t

RE: OCSP response signature algorithm

2020-07-03 Thread paul h. roubekas
unsubscribe openssl-users From: openssl-users On Behalf Of John Jiang Sent: Friday, July 3, 2020 12:19 PM To: openssl-users Subject: OCSP response signature algorithm Hi, I'm using OpenSSL 1.1.1. Can I configure the OCSP response signature algorithm? For a RSA issuer, it

OCSP response signature algorithm

2020-07-03 Thread John Jiang
Hi, I'm using OpenSSL 1.1.1. Can I configure the OCSP response signature algorithm? For a RSA issuer, it looks SHA256withRSA always be selected. PreferredSignatureAlgorithms extension in OCSP request may affect this algorithm in OpenSSL OCSP response. However, I prefer to use configur

Re: [openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Animesh Patel (anipatel) via openssl-users
Thanks again Rich. If anyone else has any ideas please share. From: "Salz, Rich" Date: Tuesday, December 4, 2018 at 12:56 PM To: "anipa...@cisco.com" , "openssl-users@openssl.org" Subject: Re: [openssl-users] OCSP response signed by self-signed trusted respond

Re: [openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Salz, Rich via openssl-users
Perhaps you can build a trust store to handle your needs. I am not sure. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Animesh Patel (anipatel) via openssl-users
ion of OCSP responses, is this not what this trust setting is for? Thanks, Animesh From: "Salz, Rich" Date: Tuesday, December 4, 2018 at 12:39 PM To: "anipa...@cisco.com" , "openssl-users@openssl.org" Subject: Re: [openssl-users] OCSP response signed by self-signe

Re: [openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Salz, Rich via openssl-users
The responder isn’t supposed to be self-signed. It’s supposed to be signed by the CA issuing the certs. That way you know that the CA “trusts” the responder. Now, having said that, what you want to do is reasonable – think of it as “out of band” trust. You will probably have to modify the sou

[openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Animesh Patel (anipatel) via openssl-users
Have a question with implementing an OCSP requestor that can handle validating an OCSP response that is not signed by the CA who issued the certificate that we are requesting the OCSP status for but rather, the OCSP response is signed by a self-signed trusted responder that includes the OCSP

[openssl-users] How to get OCSP response in CMS through openssl library in C++

2018-10-02 Thread 장진화
> Hello, > > I've been developing some broadcast apps signing logic on a TV. > > Actually, I should receive and verify the signing information such as > certificates and ocsp responses which are included in CMS signed data > format. > These application data are sent to TV with certain frequency wit

[openssl-users] OCSP Response Signed using RSASSA-PSS

2017-10-11 Thread Steven Madwin via openssl-users
First, I know the caveat about ONLY use the OpenSSL OCSP Server for test purposes. With that out of the way. Is there any known plan on the horizon, when using the ocsp server, to allow the OCSP response to be signed using the RSASSA-PSS signature algorithm? Thanks for any and all

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-12 Thread Jakob Bohm
On 12/09/2017 15:56, Robert Moskowitz wrote: On 09/12/2017 09:38 AM, Robert Moskowitz wrote: On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote: On Mon, Sep 11, 2017, Robert Moskowitz wrote: I would actually really like to have a SIMPLE OCSP responder.  But so far have not found one.  freeI

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-12 Thread Robert Moskowitz
On 09/12/2017 09:38 AM, Robert Moskowitz wrote: On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote: On Mon, Sep 11, 2017, Robert Moskowitz wrote: I would actually really like to have a SIMPLE OCSP responder. But so far have not found one. freeIPA has one buried within it, but that is too d

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-12 Thread Robert Moskowitz
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote: On Mon, Sep 11, 2017, Robert Moskowitz wrote: I would actually really like to have a SIMPLE OCSP responder. But so far have not found one. freeIPA has one buried within it, but that is too disruptive to install unless you buy into freeIPA.

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-12 Thread Dr. Stephen Henson
On Mon, Sep 11, 2017, Robert Moskowitz wrote: > > I would actually really like to have a SIMPLE OCSP responder. But > so far have not found one. freeIPA has one buried within it, but > that is too disruptive to install unless you buy into freeIPA. > Well the OpenSSL ocsp responder isn't much u

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-11 Thread Robert Moskowitz
On 09/11/2017 12:23 PM, Salz, Rich via openssl-users wrote: Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at least the server should have some control over the hash used? Well, it is the client that is making the request, so therefore the client n

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-11 Thread Salz, Rich via openssl-users
Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at least the server should have some control over the hash used? Well, it is the client that is making the request, so therefore the client needs to hash the cert information. A production-quality OCSP respo

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-11 Thread Robert Moskowitz
isted in the -help: -rmd valDigest Algorithm to use in signature of OCSP response but not in the man page. Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at least the server should have some control over the hash used? thanks Bob

Re: [openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-08 Thread Dr. Stephen Henson
On Fri, Sep 08, 2017, Robert Moskowitz wrote: > I am using the test responder: > >openssl ocsp -port 2560 -text -rmd sha256\ > -index index.txt \ > -CA certs/ca-chain.cert.pem \ > -rkey private/$ocspurl.key.pem \ > -rsigner certs/$ocspurl.cert.pem \ >

[openssl-users] Why is this OCSP response reporting a hash using SHA1?

2017-09-08 Thread Robert Moskowitz
comes right after the line: Certificate ID: openssl ocsp -CAfile certs/ca-chain.cert.pem \ -url http://127.0.0.1:2560 -resp_text \ -issuer certs/8021ARintermediate.cert.pem \ -cert certs/$targetcert.cert.pem OCSP Response Data: OCSP Response Status: successful

Re: [openssl-users] Certificate Transparency: OCSP response

2016-05-25 Thread stas730
Please, send message! -- View this message in context: http://openssl.6102.n7.nabble.com/Certificate-Transparency-OCSP-response-tp66295p66328.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

[openssl-users] Certificate Transparency: OCSP response

2016-05-24 Thread stas730
I want to test all 3 types of CT. I know how to implement two: TLS extension & X.509 extension. But how to implement OCSP response? I can add response file, but how to change OID?

Re: [openssl-users] Where to find the OCSP response signer cert if the OCSP response does not contain one?

2015-10-28 Thread Jakob Bohm
On 28/10/2015 10:24, M K Saravanan wrote: Hi, Upon checking the wireshark capture, I found the OCSP response does not send signer cert, but only the responderID (byKey). In such scenario, where do I find the OCSP response signer cert? Clarifying my own question. https://tools.ietf.org/html

Re: [openssl-users] Where to find the OCSP response signer cert if the OCSP response does not contain one?

2015-10-28 Thread M K Saravanan
Hi, > Upon checking the wireshark capture, I found the OCSP response does not send > signer cert, but only the responderID (byKey). > > In such scenario, where do I find the OCSP response signer cert? Clarifying my own question. https://tools.ietf.org/html/rfc6960#section-

[openssl-users] Where to find the OCSP response signer cert if the OCSP response does not contain one?

2015-10-27 Thread M K Saravanan
Hi, If the OCSP responder does not send the response signer certificate in the OCSP response, then how can we find the signer certificate? I was doing a simple test to verify google certificate via OCSP like this: $ openssl ocsp -issuer ./www.google.com.sg-issuer.cer -CAfile ./ca.cer -cert

openSSL OCSP utility not sending OCSP Response when connect call is non-blocking.

2013-09-06 Thread deepak.kathuria
Hi, I am using openSSL OCSP utility as server. Whenever I do a blocking TCP connect to establish TCP connection with openSSL OCSP utility and then send OCSP request , openSSL OCSP utility sending a OCSP response. But when I do a non blocking TCP connect make sure that OCSP request is written

Re: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Geoff Swan
On 5/03/2013 10:56 PM, Dr. Stephen Henson wrote: > On Tue, Mar 05, 2013, Geoff Swan wrote: > >> Hi, >> >> I have an ocsp response in memory. The response may contain 1 or more >> (probably about 20) ocsp responses for certificates based on the same >> issuer

Parsing ocsp response to locate the correct one

2013-03-05 Thread Geoff Swan
Hi, I have an ocsp response in memory. The response may contain 1 or more (probably about 20) ocsp responses for certificates based on the same issuer name and issuer key. I need to locate the response that is relevant for the certificate of interest. Is the usual method to parse each response

RE: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Salz, Rich
> I need to locate the response that is relevant for the certificate of > interest Is the usual method > to parse each response and match the cert serial number to find the index to > the correct ocsp response? Yes. -- Principal Security Engineer Akamai Technology C

Re: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Dr. Stephen Henson
On Tue, Mar 05, 2013, Geoff Swan wrote: > Hi, > > I have an ocsp response in memory. The response may contain 1 or more > (probably about 20) ocsp responses for certificates based on the same > issuer name and issuer key. > > I need to locate the response that is relevant f

Parsing ocsp response data to locate the correct one

2013-03-04 Thread Geoff Swan
Hi, I have an ocsp response in memory. The response may contain 1 or more (probably about 20) ocsp responses for certificates based on the same issuer name and issuer key. I need to locate the response that is relevant for the certificate of interest. Is the usual method to parse each response

Re: [openssl-users] View OCSP response in CMS

2011-09-23 Thread Gabriel Marques
(1.3.6.1.5.5.7.16.2) otherRevInfo: SEQUENCE: 0:d=0 hl=4 l=1079 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: ENUMERATED:00 7:d=1 hl=4 l=1072 cons: cont [ 0 ] 11:d=2 hl=4 l=1068 cons: SEQUENCE 15:d=3 hl=2 l= 9 prim: OBJECT:Basic OCSP Response --- I

Re: [openssl-users] View OCSP response in CMS

2011-09-22 Thread Dr. Stephen Henson
On Thu, Sep 22, 2011, Gabriel Marques wrote: > Thanks Steve and Erwann, > > Putting the OCSP response inside a tagged object did the job for > OpenSSL recognizing the OtherRevocationInfoFormat. > BouncyCastle also changed the CMS version to 5 automatically when I > did it, an

Re: [openssl-users] View OCSP response in CMS

2011-09-22 Thread Gabriel Marques
Thanks Steve and Erwann, Putting the OCSP response inside a tagged object did the job for OpenSSL recognizing the OtherRevocationInfoFormat. BouncyCastle also changed the CMS version to 5 automatically when I did it, and I've changed the OID to the proper one (id-ri-ocsp-response).

Re: [openssl-users] View OCSP response in CMS

2011-09-22 Thread Erwann Abalea
On 22/09/2011 16:10, Dr. Stephen Henson wrote: On Thu, Sep 22, 2011, Erwann Abalea wrote: [...] In your examples, you set version to 3. Based on your parsed example, it seems you correctly set the tag ([1]) for the "crls" element, but you didn't use the good encoding for the "other" field (

Re: [openssl-users] View OCSP response in CMS

2011-09-22 Thread Dr. Stephen Henson
On Thu, Sep 22, 2011, Erwann Abalea wrote: > On 21/09/2011 21:20, Gabriel Marques wrote: > >I'm developing a tool for signing digital TV apps, and one of the > >goals was to embed OCSP responses into the CMS signature file of > >the application. > >The idea is that the broadcaster equipment wou

Re: [openssl-users] View OCSP response in CMS

2011-09-22 Thread Erwann Abalea
On 21/09/2011 21:20, Gabriel Marques wrote: I'm developing a tool for signing digital TV apps, and one of the goals was to embed OCSP responses into the CMS signature file of the application. The idea is that the broadcaster equipment would query the OCSP and update the response with certain

Re: View OCSP response in CMS

2011-09-21 Thread Dr. Stephen Henson
On Wed, Sep 21, 2011, Gabriel Marques wrote: > I'm developing a tool for signing digital TV apps, and one of the > goals was to embed OCSP responses into the CMS signature file of the > application. > The idea is that the broadcaster equipment would query the OCSP and > update t

View OCSP response in CMS

2011-09-21 Thread Gabriel Marques
            SET(1 elem) //folded - CMS signer info SEQUENCE(2 elem) //Modified CMS structure with an embedded OCSP response - OpenSSL don't like it     OBJECT IDENTIFIER1.2.840.113549.1.7.2 //signedData PKCS #7     [0](1) //SignedData

OCSP Response problem

2010-07-11 Thread Wockenfuß , Frank
Hi all, I'm writing a program to check a certificate with OCSP in C++. I'm doing all in the same way as in ocsp.c from the OpenSSL-App, but I get no useful return from OCSP_RESPONSE* pOCSPResponse = NULL; nRet = OCSP_sendreq_nbio( &pOCSPResponse, pOCSPContext ); nRet is 0 and pO

OCSP Response problem

2010-07-09 Thread Wockenfuß , Frank
Hi all, I'm writing a program to check a certificate with OCSP in C++. I'm doing all in the same way as in ocsp.c from the OpenSSL-App, but I get no useful return from OCSP_RESPONSE* pOCSPResponse = NULL; nRet = OCSP_sendreq_nbio( &pOCSPResponse, pOCSPContext ); nRet is 0 and pO

Re: getting both "OCSP Response Status: successful" and an "Response Verify Failure" error ?

2010-03-24 Thread PGNet Dev
On Wed, Mar 24, 2010 at 4:46 AM, Dr. Stephen Henson wrote: > The path of the responder certificate has to be validated so you need to pass > the root CA using the -CAfile or -CApath command line arguments. adding -CAfile did the trick -- adding it to BOTH the server-launch cmd, AND the client-que

Re: getting both "OCSP Response Status: successful" and an "Response Verify Failure" error ?

2010-03-24 Thread Dr. Stephen Henson
t > > i get what seems to be a "successful" response of "good" CertStatus, > > OCSP Response Data: > OCSP Response Status: successful (0x0) > Response Type: Basic OCSP Response > Version: 1 (0x0) > Responder Id: DC = Auth, DC = testdomain,

getting both "OCSP Response Status: successful" and an "Response Verify Failure" error ?

2010-03-24 Thread PGNet Dev
testing an ocsp query to a local openssl ocsp 'server', openssl ocsp \ -issuer /svr/demoCA/certs/CA/CA.cert.pem \ -cert /svr/demoCA/certs/domains/testdomain.cert.pem \ -url http://localhost: \ -resp_text i get what seems to be a "successful" response of "good"

AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Done that. It now seems to work! Thank you :) S999D003:/home/ah/test # ./openssl ocsp -respin response-2.der -text OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = DE, O = D-Trust GmbH, CN = D-TRUST

Re: WG: OCSP response signature verification

2010-03-12 Thread Dr. Stephen Henson
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote: > Ah! That's exactly the point, where I tried to edit the code and recompile > it. But every time I tried to I became an error in make complaining about > [link_app.] and a false call of 'main' in _start... > > Can I just replace

AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Ah! That's exactly the point, where I tried to edit the code and recompile it. But every time I tried to I became an error in make complaining about [link_app.] and a false call of 'main' in _start... Can I just replace the file and recompile openssl? Or do I have to edit something in any type

Re: WG: OCSP response signature verification

2010-03-12 Thread Dr. Stephen Henson
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote: > I forgot to write, which versions are used. > For the client we are using 0.9.8L. But we also tested with M. > We are not sure about the responders but we are trying to find out. > Oops, there was a bug in the print routine whic

AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
I forgot to write, which versions are used. For the client we are using 0.9.8L. But we also tested with M. We are not sure about the responders but we are trying to find out. Kind regards Michel Pittelkow > Hi everyone, > > we are currently trying to verify an ocsp response. > T

RE: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Sure! Here are the request and response files. Kind regards Michel Pittelkow > Hi everyone, > > we are currently trying to verify an ocsp response. > The return is "Response verify OK" but we need to verify the signature > algorithm of the response signature. > W

Re: WG: OCSP response signature verification

2010-03-12 Thread Dr. Stephen Henson
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote: > Hi everyone, > > we are currently trying to verify an ocsp response. > The return is "Response verify OK" but we need to verify the signature > algorithm of the response signature. > We tried putt

WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Hi everyone, we are currently trying to verify an ocsp response. The return is "Response verify OK" but we need to verify the signature algorithm of the response signature. We tried putting the response into an DER and parsing it. But still no information about the signature.

AW: Decoding OCSP response data: ASN1_D2I_READ_BIO:not enough data

2009-07-10 Thread Natanael Mignon - michael-wessel . de
Dear list, another update - we got it. [Fri Jul 10 10:28:39 2009] [error] [client 172.30.64.154] MWDE/nm: OCSP response line unstripped: HTTP/1.1 200 OK [Fri Jul 10 10:28:39 2009] [debug] ssl_util_ocsp.c(217): [client 172.30.64.154] OCSP response header: Date: Fri, 10 Jul 2009 09:29:06 GMT

AW: Decoding OCSP response data: ASN1_D2I_READ_BIO:not enough data

2009-07-10 Thread Natanael Mignon - michael-wessel . de
st to OCSP responder [Tue Jul 07 14:32:25 2009] [debug] ssl_util_ocsp.c(208): [client 10.200.48.140] OCSP response header: Date: Tue, 07 Jul 2009 13:32:52 GMT [Tue Jul 07 14:32:25 2009] [debug] ssl_util_ocsp.c(208): [client 10.200.48.140] OCSP response header: Server: Apache-Coyote/1.1 [Tue Jul 07 14:

AW: Decoding OCSP response data: ASN1_D2I_READ_BIO:not enough data

2009-07-07 Thread Natanael Mignon - michael-wessel . de
] sending request to OCSP responder [Tue Jul 07 13:57:40 2009] [debug] ssl_util_ocsp.c(208): [client 10.200.48.140] OCSP response header: Date: Tue, 07 Jul 2009 12:58:07 GMT [Tue Jul 07 13:57:40 2009] [debug] ssl_util_ocsp.c(208): [client 10.200.48.140] OCSP response header: Server: Apache-Coyote/1.1

Re: Decoding OCSP response data: ASN1_D2I_READ_BIO:not enough data

2009-07-03 Thread Dr. Stephen Henson
including online OCSP request. OCSP uri is correct, > response is received, but then: > > [Fri Jul 03 12:37:27 2009] [debug] ssl_util_ocsp.c(104): [client > 172.30.64.154] sending request to OCSP responder > [Fri Jul 03 12:37:27 2009] [debug] ssl_util_ocsp.c(208): [client > 172.30.

Decoding OCSP response data: ASN1_D2I_READ_BIO:not enough data

2009-07-03 Thread Natanael Mignon - michael-wessel . de
2009] [debug] ssl_util_ocsp.c(104): [client 172.30.64.154] sending request to OCSP responder [Fri Jul 03 12:37:27 2009] [debug] ssl_util_ocsp.c(208): [client 172.30.64.154] OCSP response header: Date: Fri, 03 Jul 2009 11:37:54 GMT [Fri Jul 03 12:37:27 2009] [debug] ssl_util_ocsp.c(208): [client

ocsp response verify failure

2008-06-03 Thread Micah Anderson
21:38 2008 GMT Next Update: Jun 9 17:21:38 2008 GMT Does this mean that the OCSP response is good? How can I get the root CA error resolved? I wasn't sure if the CA and the issuer should be the same in this case? The file I was using is a bundle file intermediate and root

garbage-in garbage-out - was OCSP response nonce extension encoding not DER

2007-01-11 Thread Simon McMahon
e request (with nonce) from my end is now DER encoded. Regards, Simon McMahon Simon McMahon/Australia/Contr/[EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/10/2007 12:56 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject OCSP response nonce extension e

OCSP response nonce extension encoding not DER

2007-01-09 Thread Simon McMahon
Hi, Just saw some weirdness in OCSP response encodings with a nonce extension. The OCSP response has this for the extensions: A1 1E 30 1C 30 1A 06 09 2B 06 01 05 05 07 30 01 02 01 01 00 <--- 04 0A 04 08 A5 10 18 67 E5 A4 8B 2C The second last item is the 'false'

RE: ocsp response validation problem

2006-08-30 Thread Fitzsimons, Nick
:49 AM To: openssl-users@openssl.org Subject: ocsp response validation problem Hi, 0.9.8b I'm doing some OCSP testing and I had a little confusion with OCSP response validation. If you leave out -CAfile on the request then the validation fails even in the simple case where the CA is the sa

ocsp response validation problem

2006-08-30 Thread Simon McMahon
Hi, 0.9.8b I'm doing some OCSP testing and I had a little confusion with OCSP response validation. If you leave out -CAfile on the request then the validation fails even in the simple case where the CA is the same as the issuer. The examples in the ocsp(1) doc should include a request

Re: How to get nonce from OCSP response ?

2006-06-05 Thread Dr. Stephen Henson
On Mon, Jun 05, 2006, Stefan Vatev wrote: > What I want is only the nonce, not the whole ASN1 structure. > I don't know which is the best way to parse it. > > > First, I get the X509_EXTENSION from the OCSP_RESPONSE > > bs = OCSP_response_get1_basic(response) > > resp_idx = OCSP_BASICRESP_get_

How to get nonce from OCSP response ?

2006-06-05 Thread Stefan Vatev
What I want is only the nonce, not the whole ASN1 structure. I don't know which is the best way to parse it. First, I get the X509_EXTENSION from the OCSP_RESPONSE bs = OCSP_response_get1_basic(response) resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1) resp_ext = OCSP_B

SV: Signature verification of OCSP Response

2005-02-28 Thread John Allberg
EMAIL PROTECTED] On behalf of Dr. Stephen Henson Sent: 25 February 2005 21:05 To: openssl-users@openssl.org Subject: Re: Signature verification of OCSP Response The problem is indeed due to a mismatch when the response is reencoded. However it looks like the encoding of CertStatus is invalid: CertS

Re: Signature verification of OCSP Response

2005-02-25 Thread Dr. Stephen Henson
On Fri, Feb 25, 2005, John Allberg wrote: > Hi! > > We're developing a OCSP Responder. During interop testing it was discovered > that openssl verifies the signature on the response nicely when the > certificate is reported as revoked, but fails to verify the signature when > the certificate is r

Signature verification of OCSP Response

2005-02-25 Thread John Allberg
Hi! We're developing a OCSP Responder. During interop testing it was discovered that openssl verifies the signature on the response nicely when the certificate is reported as revoked, but fails to verify the signature when the certificate is reported as valid. I've tested the signature in Ascerti

OpenSSL unable to verify OCSP Response

2004-07-20 Thread Wahaj
Hi, I am trying to verify an OCSP Response using OpenSSL 0.9.7d but is failing. The error I get is: OpenSSL> ocsp -respin asce_response.dat -VAfile ResponderCert.cer Response Verify Failure 2540:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:.\crypto\

Re: OCSP Response telesek

2004-06-23 Thread Dr. Stephen Henson
On Wed, Jun 23, 2004, Christian Weber wrote: > OK, the previous answer was pretty fast - thank you. > > Now there's another stupid question: why does the command > > >openssl ocsp -respin ocsp.resp -CAfile CAs.pem > > lead to > > >Response Verify Failure > >19961:error:27069070:OCSP routines:O

OCSP Response telesek

2004-06-23 Thread Christian Weber
OK, the previous answer was pretty fast - thank you. Now there's another stupid question: why does the command openssl ocsp -respin ocsp.resp -CAfile CAs.pem lead to Response Verify Failure 19961:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148: though the correct

OCSP responder ID in OCSP response ( name or key hash )

2003-08-14 Thread Wu Junwei
Hi, all I would like to test my OCSP client. I noticed that when getting a response, the responder ID in the OCSP response can be presented by name or key hash. If I use OpenSSL as the responder, can the OpenSSL provides the response with the responder ID in Key ha

about delegated OCSP response signer

2003-07-14 Thread Wu Junwei
Hi, all I am studying using OpenSSL to verify an OCSP response signed by a delegated signer. I know, there should be OCSPSigning OID in the certificate of the delegated OCSP response signer. But, how can I judge it from the X509 structure? That is to say

Re: About finding OCSP response signer

2003-06-02 Thread Wu Junwei
t: Monday, June 02, 2003 8:37 PM Subject: Re: About finding OCSP response signer On Mon, Jun 02, 2003, Wu Junwei wrote: > Hi, Steve, > > Thanks for your kindly answer. > > But, I am still not very clear. > > In my understanding > > I think responder may be

Re: About finding OCSP response signer

2003-06-02 Thread Dr. Stephen Henson
On Mon, Jun 02, 2003, Wu Junwei wrote: > Hi, Steve, > > Thanks for your kindly answer. > > But, I am still not very clear. > > In my understanding > > I think responder may be not the signer of the response because the CA of > the certificate in question can sign the response itself. > > The

Re: About finding OCSP response signer

2003-06-02 Thread Wu Junwei
What step do you think in my understanding is wrong or not totally correct? Thanks, wjw - Original Message - From: Dr. Stephen Henson To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 8:47 PM Subject: Re: About finding OCSP response signer On Fri, May 30

About finding OCSP response signer

2003-05-30 Thread Wu Junwei
Hi, I am studying the verifying of the OCSP response. I find that the function OCSP_basic_verify() in ocsp_vfy.c can do this job. It is mainly divided into 2 parts. 1, to use the public key of the response signer to verify the basic response 2, to

OCSP Response

2002-04-22 Thread Averroes
Hi All, Here at foot a response from my OCSP Responder. I would like to know if it sufficient answer from the validator or are there anything missing... e.g. some extensions: #--- OCSP Response Data: OCSP Response Status: successful (0x0
