[openssl-users] OCSP response signed by self-signed trusted responder validation

Salz, Rich rsalz at akamai.com
Tue Dec 4 17:39:27 UTC 2018


The responder isn’t supposed to be self-signed.  It’s supposed to be signed by the CA issuing the certs.  That way you know that the CA “trusts” the responder.

Now, having said that, what you want to do is reasonable – think of it as “out of band” trust.  You will probably have to modify the source to support it, however.
