[openssl-users] Problems verifying OCSP signatures

Richard Moore richmoore44 at gmail.com
Sat Jan 3 21:59:54 UTC 2015

On 3 January 2015 at 21:45, Walter H. <Walter.H at mathemainzel.info> wrote:

>  On 03.01.2015 18:16, Richard Moore wrote:
> I've now got this working, though to do so I seem to have to take the
> certificates supplied in the OCSP response directly out of the certs field
> of the OCSP_BASICRESP and add these as intermediates for the verification
> too. It feels bad to directly access the internals of this struct but there
> doesn't seem to be another way (unless someone can enlighten me).
>  Cheers
>  Rich.
> the certificate you want to test its validity with OCSP has the same
> intermediate CA cert. as the OCSP responder certificate you use in OCSP
> response

Simply specifying the intermediates from the certificate chain of the
server doesn't appear to actually work - that's what I tried first. Sadly
I've not seen any documentation or examples of how to use this part of


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20150103/4e5f506f/attachment.html>

More information about the openssl-users mailing list