-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/04/10 22:35, Davide Brini wrote:
> On Wednesday 28 April 2010, David Sommerseth wrote:
>
>>> +status=$(openssl ocsp -issuer "$issuer" \
>>> +"$nonce" \
>>> +-CAfile "$verify" \
>>> +
On Wednesday 28 April 2010, David Sommerseth wrote:
> > +status=$(openssl ocsp -issuer "$issuer" \
> > +"$nonce" \
> > +-CAfile "$verify" \
> > +-url "$ocsp_url" \
> > +-serial "0x${serial}" 2>/dev/null)
> > +
> >
contrib/OCSP_check/OCSP_check.sh:
I discovered that, quite surprisingly, the exit status of "openssl ocsp"
is 0 even if the certificate status is "revoked". This means that the
logic of the script needs to be rewritten so that it parses the output
returned by the query and explicitly looks
