Hi,

After debugging some OCSP responses, I realized OCSP servers such as
ocsp2.globalsign.com (e.g. http://ocsp2.globalsign.com/gsalphasha2g2 for
AlphaSSL), which use Cloudflare, are denying queries from openssl.

My POST, e.g.:
POST /gsalphasha2g2 HTTP/1.0
Content-Type: application/ocsp-request
Content-Length: 122
{data}

receives a 403 forbidden from the cloudflare-nginx, with the informative
message that "Direct IP access not allowed".

I assume the openssl OCSP query, at least when the -url option is used,
can and probably should pick the domain part out and attach it as a "Host:
$domainname" header in the POST.

Regards,
Martin Millnert
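
Added example (not part of the original message and not OpenSSL's code): a sketch of the suggestion above, deriving the Host header from the responder URL and building the same HTTP/1.0 POST with and without it. The function names are hypothetical and the 122-byte body is a constructed placeholder, not a real OCSP request.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
URL = "http://ocsp2.globalsign.com/gsalphasha2g2"   # responder URL from the message
SAMPLE_BODY = bytes(122)                            # constructed stand-in for the DER request


def split_responder_url(url):
    """Return (host, port, path, host_header) for an OCSP responder URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("unsupported responder URL: %r" % url)
    default = DEFAULT_PORTS[parts.scheme]
    port = parts.port or default
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    host = parts.hostname
    # IPv6 literals are bracketed in Host; the port appears only when non-default.
    name = "[%s]" % host if ":" in host else host
    host_header = name if port == default else "%s:%d" % (name, port)
    return host, port, path, host_header


def build_ocsp_post(url, der_request, send_host=True):
    """Build the raw request bytes; send_host=False reproduces the request in the message."""
    _, _, path, host_header = split_responder_url(url)
    lines = ["POST %s HTTP/1.0" % path]
    if send_host:
        lines.append("Host: %s" % host_header)
    lines += ["Content-Type: application/ocsp-request",
              "Content-Length: %d" % len(der_request)]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + der_request


def has_host_header(raw_request):
    """Check a captured request for a Host header (name-based virtual hosts route on it)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    return any(l.lower().startswith(b"host:") for l in head.split(b"\r\n")[1:])


if __name__ == "__main__":
    for flag in (False, True):
        req = build_ocsp_post(URL, SAMPLE_BODY, send_host=flag)
        print(has_host_header(req), req.split(b"\r\n\r\n", 1)[0].decode())
```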
