Thanks. Why didn't I check that? Well, I made it validate correctly by doing a very strange and not usable workaround. I believe something is broken. I followed your suggestion and posted a more complete entry to the us...@httpd.apache.org list. I will file a bug report if no one can point out any errors I have made.
/ulfW

-----Original Message-----
From: Joe Orton [mailto:jor...@redhat.com]
Sent: 17 August 2010 16:01
To: Ulf Wahlqvist
Cc: modssl-users@modssl.org
Subject: Re: OCSP-validation fails - Wrong cert passed to OCSP by Apache

On Tue, Aug 17, 2010 at 12:47:26PM +0200, Ulf Wahlqvist wrote:
> I still don't get it. I used Wireshark and found out that the
> certificate sent to the OCSP-responder is the CA-cert, not the
> client-cert to be validated! I am clueless.

The code tries to verify each cert in the client cert chain from issuing CA down to the end-entity client cert with the OCSP responder - this is expected behaviour.

The modssl-users@ was used for discussion of mod_ssl for Apache httpd 1.3. For discussion of OCSP in httpd 2.3 I'd recommend us...@httpd.apache.org - file bugs if you think the code is buggy.

http://issues.apache.org/bugzilla/

Regards, Joe