[openssl-dev] [openssl.org #4226] FIX: ADD IPv6 support for OCSP Responder

Paul Necsoiu via RT rt at openssl.org
Fri Jan 8 17:27:40 UTC 2016


Hello,

I have configured an OCSP responder with OpenSSL 1.0.2d, which I started
with the following command:

    sudo openssl ocsp -index db/index -CA int-ca.crt -rsigner int-ocsp.crt \
        -rkey private/int-ocsp.key -url http://[::1]

    Enter pass phrase for private/int-ocsp.key:

    Waiting for OCSP client connections...

Verifying a certificate seems to be OK:

    openssl ocsp -issuer int-ca.crt -CAfile ~/root-ca/root-ca.crt -verify_other \
        int-ca.crt -cert ~/cafe.ro.ecdsa.crt -url http://ip6-loopback

    Response verify OK

    /home/paul/cafe.ro.ecdsa.crt: good

    This Update: Jan  8 15:06:37 2016 GMT

The problem is that even though the OCSP responder is started with
-url http://[::1] and accessed with -url http://ip6-loopback, it seems that it
doesn't use the IPv6 addresses but the IPv4 ones. See the attached Wireshark
capture.

-- 
Have a most pleasant day!
Paul Necsoiu
Tel: 0721 36 75 33
E-mail:paul.necsoiu at gmail.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireshark capture.png
Type: image/png
Size: 115898 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160108/c7a467de/attachment-0001.png>