I did some tests with the OCSP-client code of the newest OpenSSL Developer
Snapshot right now, and found a few issues.

1) OCSP-Client code gives a segmentation fault if the request was sent with
OCSP-nonce, but the response did not contain an OCSP-nonce. As far as I
understood RFC2560 this may be a possible scenario.

2) Given an OCSP-Responder, that does not append its own certificate (in the
delegated case): I could not give an OCSP-Certificate to trust using the
command line that helped me verify the response. You should be aware that
there are use cases that do not append any certificate to the response. I am
not really sure if this is a bug of apps/ocsp.c, libcrypto or my fault?

Just some remarks - sorry, that I am not suggesting a patch - a lot of work
to do here with problems of my own programs. Eventually I may find some time
in the next few weeks to submit some work.

--
Dipl.Inf. Florian Oelmaier
IT Security Development
syTrust S.A.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
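
The scenario in item 1 above (request sent with a nonce, response without one) as an added example that is not part of the original message and is not OpenSSL's code: a NULL-safe nonce comparison that reports the missing nonce as a distinct result instead of dereferencing it. The `nonce_t` type, the function names and the `allow_missing` switch are assumptions made for illustration; the result codes follow the convention documented for OpenSSL's `OCSP_check_nonce()`.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical type: data == NULL means the nonce extension is absent. */
typedef struct { const unsigned char *data; size_t len; } nonce_t;

/* Result codes follow the convention documented for OCSP_check_nonce(). */
enum {
    NONCE_REQ_ONLY  = -1, /* request had a nonce, response did not */
    NONCE_MISMATCH  =  0, /* both present, values differ */
    NONCE_EQUAL     =  1, /* both present and equal */
    NONCE_BOTH_NONE =  2, /* neither side used a nonce */
    NONCE_RESP_ONLY =  3  /* nonce in the response only */
};

/* Compare nonces without ever touching an absent one. */
int check_nonce(const nonce_t *req, const nonce_t *resp)
{
    int have_req  = req  != NULL && req->data  != NULL;
    int have_resp = resp != NULL && resp->data != NULL;

    if (!have_req && !have_resp) return NONCE_BOTH_NONE;
    if (have_req && !have_resp)  return NONCE_REQ_ONLY;
    if (!have_req && have_resp)  return NONCE_RESP_ONLY;
    if (req->len != resp->len || memcmp(req->data, resp->data, req->len) != 0)
        return NONCE_MISMATCH;
    return NONCE_EQUAL;
}

/* Client policy, 1 = accept, 0 = reject. A response without the requested
   nonce is not bound to this request, so it is accepted only on opt-in. */
int accept_response(const nonce_t *req, const nonce_t *resp, int allow_missing)
{
    int rc = check_nonce(req, resp);
    if (rc == NONCE_REQ_ONLY) return allow_missing != 0;
    return rc > 0;
}

/* Constructed sample: a request nonce and a response that carries none. */
int main(void)
{
    static const unsigned char n[] = { 0xde, 0xad, 0xbe, 0xef };
    nonce_t req = { n, sizeof n }, none = { NULL, 0 };
    return accept_response(&req, &none, 0) == 0 ? 0 : 1; /* strict: rejected */
}
```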
