Thanks for the explanation. I know that you didn't implement openssl :-), however, as I said and running it manually, openssl does say that there is OCSP information on the certificate.
[root@host ~]# openssl x509 -in beltraminif.cer -noout -ocspid -ocsp_uri returns the correct value http://crl.ema.europa.eu/ocsp Thanks, F. -----Original Message----- From: freeradius-users-bounces+francesco.beltramini=ema.europa...@lists.freeradius.org [mailto:freeradius-users-bounces+francesco.beltramini=ema.europa...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 19 April 2013 18:31 To: FreeRadius users mailing list Subject: Re: OCSP parsing in client certificate Beltramini Francesco wrote: > Ok I see what you mean. > However, in my first mail I've also specified that: > > openssl x509 -in beltraminif.cer -noout -ocspid -ocsp_uri returns > http://crl.ema.europa.eu/ocsp (which is the correct url) > > Do you know what kind of parsing is radius asking to openssl ? The normal OpenSSL certificate parsing. We didn't implement OpenSSL, and we don't know a lot about it. If OpenSSL says there's no OCSP information in the certs, it's an OpenSSL issue. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ________________________________________________________________________ This e-mail has been scanned for all known viruses by European Medicines Agency. ________________________________________________________________________ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html