question about trust root CA, ocsp responder cert, requester signer cert, and issuer cert

Edward Tsang etsang at splunk.com
Thu Jun 2 21:11:44 UTC 2022


I know that we need
* ocsp responder cert for verifying the signature of ocsp response,
* CA issuer cert to generate CERTID for ocsp request
and
* ocsp requestor can choose to sign ocsp request using a signer certificate.

But instead of having users set that as 3 different settings, I am
thinking of maybe loading these 3 different certs into the trust cert
store, then later on loading these certs back via
SSL_CTX_load_verify_locations().

But I am not sure how to extract these into 3 files to pass to APIs like
* OCSP_cert_to_id to generate certID
* OCSP_request_sign to sign request
and
* OCSP_basic_verify to also verify the response signature.

Any code examples out there that do a similar thing?