[openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Animesh Patel (anipatel) via openssl-users
Have a question with implementing an OCSP requestor that can handle validating an OCSP response that is not signed by the CA who issued the certificate that we are requesting the OCSP status for but rather, the OCSP response is signed by a self-signed trusted responder that includes the OCSP Sig

Re: [openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Animesh Patel (anipatel) via openssl-users
Thanks for the quick response Rich! Just a quick follow on. Per RFC6960 for OCSP, there are 3 options: All definitive response messages SHALL be digitally signed. The key used to sign the response MUST belong to one of the following: - the CA who issued the certificate in question

Re: [openssl-users] OCSP response signed by self-signed trusted responder validation

2018-12-04 Thread Animesh Patel (anipatel) via openssl-users
Thanks again Rich. If anyone else has any ideas please share. From: "Salz, Rich" Date: Tuesday, December 4, 2018 at 12:56 PM To: "anipa...@cisco.com", "openssl-users@openssl.org" Subject: Re: [openssl-users] OCSP response signed by self-signed trusted responder validation Perhaps you can bu