[openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !

CpServiceSPb . cpservicespb at gmail.com
Wed Nov 18 11:36:06 UTC 2015


Is it possible to include in the nearest development plans the ability to run
OpenSSL in OCSP responder mode as a multithreaded daemon (Linux) and service
(Windows)?
That is, to add a -daemon switch in conjunction with ocsp and -index (which
causes OSSL to act as a responder).
In that way OSSL will serve many incoming OCSP requests, received on the
listening port, in background mode, in addition to the current OCSP functionality.
To improve usability in such an OCSP responder daemon mode, a text DB file
should be used.
The format of the DB should look like index.txt, as follows:

Status  Serial  Root Cert       rkey parameter         rcert parameter
V       1021    /path/Root.pem  /path/ocspserver.pem   /path/ocspserver.pem
V       3565    /path/Root.pem  /path/ocspserver2.pem  /path/ocspserver2.pem

So, the second parameter is the serial number of the certificate in the OCSP
request, Root Cert equals the -CAfile parameter of openssl ocsp -CAfile, and
rkey parameter & rcert parameter are respectively the -rkey and rcert parameters.

Thus, multiple certificate "checking" rules can be in the DB.

When OSSL starts, it loads this DB into memory, parses requests (as now)
and uses the CAfile, rkey and rcert from the DB for the certificate with the
appropriate serial.


Alex.
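
A loader for the DB format proposed in the message above, added here as an example; it is not part of the original post and not OpenSSL code. The names ocsp_rule, load_rules and find_rule are hypothetical, and two behaviours are assumptions of this example: one rule per line with five whitespace-separated fields, and rejection of a duplicate serial so that a request can never match two different responder keys.

```c
#include <stdio.h>
#include <string.h>

/* One row of the DB proposed in the post; field names follow its table. */
struct ocsp_rule {
    char status;                       /* 'V' in the post's sample rows */
    char serial[65];                   /* kept as text, as in index.txt */
    char root_cert[256], rkey[256], rcert[256];
};
/* Constructed sample input: the two rows from the post, one rule per line. */
const char SAMPLE_DB[] =
    "V 1021 /path/Root.pem /path/ocspserver.pem  /path/ocspserver.pem\n"
    "V 3565 /path/Root.pem /path/ocspserver2.pem /path/ocspserver2.pem\n";

/* Look up the rule for a serial; NULL means the DB has no rule for it. */
const struct ocsp_rule *find_rule(const struct ocsp_rule *rules, int n, const char *serial)
{
    for (int i = 0; i < n; i++)
        if (strcmp(rules[i].serial, serial) == 0) return &rules[i];
    return NULL;
}

/* Returns the rule count, or -1 on a malformed row, duplicate serial or > max rows. */
int load_rules(const char *text, struct ocsp_rule *rules, int max)
{
    int n = 0;
    while (*text) {
        char line[1024], extra[2];
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        text += len + (text[len] == '\n');
        if (line[strspn(line, " \t\r")] == '\0') continue;   /* blank line */
        if (n == max) return -1;
        struct ocsp_rule *r = &rules[n];
        /* Exactly five fields: a sixth token makes sscanf return 6. */
        if (sscanf(line, " %c %64s %255s %255s %255s %1s", &r->status, r->serial,
                   r->root_cert, r->rkey, r->rcert, extra) != 5) return -1;
        if (find_rule(rules, n, r->serial)) return -1;       /* ambiguous rule */
        n++;
    }
    return n;
}
int main(void)
{
    struct ocsp_rule rules[16];
    int n = load_rules(SAMPLE_DB, rules, 16);
    const struct ocsp_rule *r = n > 0 ? find_rule(rules, n, "3565") : NULL;
    printf("%d rules; 3565 -> %s\n", n, r ? r->rkey : "(no rule)");
    return n < 0;
}
```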