[openssl-users] Problems verifying OCSP signatures
Richard Moore
richmoore44 at gmail.com
Sat Jan 3 21:59:54 UTC 2015
On 3 January 2015 at 21:45, Walter H. <Walter.H at mathemainzel.info> wrote:
> On 03.01.2015 18:16, Richard Moore wrote:
>
> I've now got this working, though to do so I seem to have to take the
> certificates supplied in the OCSP response directly out of the certs field
> of the OCSP_BASICRESP and add these as intermediates for the verification
> too. It feels bad to directly access the internals of this struct but there
> doesn't seem to be another way (unless someone can enlighten me).
>
> Cheers
>
> Rich.
>
> the certificate you want to test its validity with OCSP has the same
> intermediate CA cert. as the OCSP responder certificate you use in OCSP
> response
>
Simply specifying the intermediates from the certificate chain of the
server doesn't appear to actually work - that's what I tried first. Sadly
I've not seen any documentation or examples of how to use this part of
openssl.
Cheers
Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20150103/4e5f506f/attachment.html>
More information about the openssl-users
mailing list