Try sending that block to
pbpaste| xxd -r -p | openssl asn1parse -inform DER
0:d=0 hl=3 l= 190 cons: SEQUENCE
3:d=1 hl=2 l= 52 cons: cont [ 1 ]
5:d=2 hl=2 l= 50 cons: SEQUENCE
7:d=3 hl=2 l= 11 cons: SET
9:d=4 hl=2 l= 9 cons
Oh.. I'm a step further. I've checked every byte range of the ocsp
response for the recovered sha256 signature.
$ len=`cat ocsp.resp | wc -c`
$ for start in `seq 1 $len`; do
echo -n "$start "
for end in `seq 1 $[$len+1-$start]`; do
output=`cat ocsp.resp | tail -c +$start | head -c
Good day,
I don't fully understand ocsp certificate verification. In order to
better understand it, I want to do it manually. I can already do that
with certificates.
$ openssl s_client -connect openssl.org:443 -showcerts
# I save the server.crt and intermediate.crt
$ openssl verify -no-CApa
