Michael Bell wrote: > This is really easy. We can reuse the function to rebuild the index.txt > in crypto-utils.lib.
Great. This will give us more time before having to develop a dbms layer
for the ocsp responder, athough the process of rebuilding the index.txt
could be somehow quite heavy for big organizations...
... and remember the index.txt is kept in memory by the ocspd daemon ...
this because it uses openssl's TXT_DB functions...
(anyway this is a first version that has not even been tested with currently
available clients -- someone has OCSP working clients ??? I tested Mozilla,
Netscape6 but them do not verify certificates using OCSP -- at least with
my quick&dirty setup, if someone succeed in testing or having a working
client it could be useful to share your tests with us ... :-D).
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf at cpan.org
madwolf at openca.org
http://www.openca.org madwolf at hackmasters.net
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
