Massimiliano --
Glad to see your working on this effort :), I have a responder
available for testing information about this responder can be found at
http://www.valicert.com/ocsp. I am including a set of certificates for the
CAs found at that page as well.
VeriSign operates an OCSP responder at ocsp.verisign.com, however it
only can respond for the software publisher CAs. If you make a request for
another CA it will return an unauthorized (still not correct but better than
the malformed request it used to return :)).
Computer Associates also has a responder available Alistair Grant,
manages this responder; I can't find the URL at this time.
As for your immediate problem, its unclear to me what you are describing is
it possible for you to send DERs of both the request and the response?
Let me know if you need any assistance :)
Ryan M. Hurst
-----Original Message-----
From: Massimiliano Pala [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 27, 2001 12:36 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OCSP daemon
Dr S N Henson wrote:
I managed the ocspd server to respond to the psm, anyway I get an error
into the HTTP reported format by psm. I don't know if this is related
to the response itself (and the reported error is not specific for the
response) or is a simple error in the HTTP syntax.
Here is what I send out BEFORE sending the DER encoded response:
HTTP/1.0 200 OK
Content-type: application/ocsp-response
Content-Length: 410
And then follows the response.
Some hint on OCSP support into netscape and mozilla:
o All requests are Version 1 (0x0);
o Netscape PSM is capable of requesting to ports
different from the 80 while Mozilla does not
correctly read the URL and uses only Port 80;
o Mozilla verifies all certificates when using
the prefs/security../manage certificates option
while Netscape PSM let you verify each certificate
separately;
More tests needed, anyway. Just a question about OCSP responders available:
someone has some URL for testing proposes ? If someone is interested in
seeing a very ugly piece of code (just testing, needs major work...)
I hope I will manage to put it onto the web within tomorrow at OpenCA
(guess the module name ... OpenCA-OCSPD ).
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
interop.zip.foo
