Re: OCSP with openSSL

2019-07-17 Thread logo
Hi Mark, Sorry for top posting - I want to wrap this thread up. I was bitten again by the default SSL Implementation. While I wanted to use JSSE on Port 8443, I just noticed today that without telling the connector to do so (sslImplementationName=„org.apache.tomcat.util.net.jsse.JSSEImplementa

Re: OCSP with openSSL

2019-06-28 Thread logo
Mark, Still no luck with 8.5.42/JDK11/JSSE. > Am 17.06.2019 um 22:11 schrieb logo : > > Mark, > > >> Am 17.06.2019 um 18:00 schrieb Mark Thomas > >: >> >> On 17/06/2019 15:51, logo wrote: >>> Mark, >>> >>> >>> Am 2019-06-17 16:29, schrieb Mark Thomas: On 17/06/

Re: OCSP with openSSL

2019-06-17 Thread logo
Mark, > Am 17.06.2019 um 18:00 schrieb Mark Thomas : > > On 17/06/2019 15:51, logo wrote: >> Mark, >> >> >> Am 2019-06-17 16:29, schrieb Mark Thomas: >>> On 17/06/2019 15:15, logo wrote: Hi Mark, having been in contact with Усманов, I can confirm your summary. May I

Re: OCSP with openSSL

2019-06-17 Thread Mark Thomas
On 17/06/2019 15:51, logo wrote: > Mark, > > > Am 2019-06-17 16:29, schrieb Mark Thomas: >> On 17/06/2019 15:15, logo wrote: >>> Hi Mark, >>> >>> having been in contact with Усманов, I can confirm your summary. >>> >>> May I add my question from February with additional info to this thread: >>> h

Re: OCSP with openSSL

2019-06-17 Thread logo
Mark, Am 2019-06-17 16:29, schrieb Mark Thomas: On 17/06/2019 15:15, logo wrote: Hi Mark, having been in contact with Усманов, I can confirm your summary. May I add my question from February with additional info to this thread: https://markmail.org/message/zvziqrhm32bctm7e Thanks. Progr

Re: OCSP with openSSL

2019-06-17 Thread Mark Thomas
On 17/06/2019 15:15, logo wrote: > Hi Mark, > > having been in contact with Усманов, I can confirm your summary. > > May I add my question from February with additional info to this thread: > https://markmail.org/message/zvziqrhm32bctm7e Thanks. Progress can be tracked here: https://bz.apache.o

Re: OCSP with openSSL

2019-06-17 Thread logo
Hi Mark, having been in contact with Усманов, I can confirm your summary. May I add my question from February with additional info to this thread: https://markmail.org/message/zvziqrhm32bctm7e Thanks. Peter Am 2019-06-17 15:44, schrieb Mark Thomas: Coming back to this as it has been on my TO

Re: OCSP with openSSL

2019-06-17 Thread Mark Thomas
Coming back to this as it has been on my TODO list for a while. Having re-read the thread I think it would be helpful to first clarify exactly what behaviour you are expecting and not seeing. The issue relates to OCSP checks when Tomcat is presenting it's server certificate to the client. You ar

RE: OCSP with openSSL

2019-05-27 Thread Усманов Азат Анварович
Just a quick follow up , trying to get some answers, I added include to sslutils.c (which has alll the ocsp functions ) to print some info.I added printf calls to every function defined in this file. Interestingly enough when I issue the openssl s_client -connect debug.ieml.ru:8443 -t

Re: OCSP with openSSL

2019-05-23 Thread Усманов Азат Анварович
2018] От: Christopher Schultz Отправлено: 23 мая 2019 г. 18:04:29 Кому: Усманов Азат Анварович Тема: Re: OCSP with openSSL Азат, On 5/22/19 14:02, Усманов Азат Анварович wrote: > [root] ~# openssl version > OpenSSL 1.1.1a 20 Nov 2018 Great. Is this al

RE: OCSP with openSSL

2019-05-22 Thread Усманов Азат Анварович
(deprecated) -no_check_time ignore certificate validity time -allow_proxy_certs allow the use of proxy certificates От: Christopher Schultz Отправлено: 22 мая 2019 г. 19:45 Кому: users@tomcat.apache.org Тема: Re: OCSP with openSSL -BEGIN PGP

Re: OCSP with openSSL

2019-05-22 Thread Christopher Schultz
$ openssl -help $ openssl ocsp -help - -chris > От: Mark Thomas > Отправлено: 22 мая 2019 г. 13:41 Кому: > users@tomcat.apache.org Тема: Re: OCSP with openSSL > > On 22/05/2019 11:28, Усманов Азат Анварович wrote: >> Hi everyone! I have a web app

RE: OCSP with openSSL

2019-05-22 Thread Усманов Азат Анварович
w to specify any ocsp related configure options when building tomcat nativefrom source От: Mark Thomas Отправлено: 22 мая 2019 г. 13:41 Кому: users@tomcat.apache.org Тема: Re: OCSP with openSSL On 22/05/2019 11:28, Усманов Азат Анварович wrote: > Hi every

Re: OCSP with openSSL

2019-05-22 Thread Mark Thomas
On 22/05/2019 11:28, Усманов Азат Анварович wrote: > Hi everyone! I have a web app running on tomcat and java 7 using apr for TLS > related issues. I m still unable to have OCSP verification working with > tomcat. > I have tried running tcpdump on the server but don't' see any Comodo related

OCSP with openSSL

2019-05-22 Thread Усманов Азат Анварович
Hi everyone! I have a web app running on tomcat and java 7 using apr for TLS related issues. I m still unable to have OCSP verification working with tomcat. I'm NOT talking about the client- certificate based auth here, just the opposite. I want tomcat to present it's OCSP status to the clie