On Sun, Apr 20, 2014, Martin Millnert wrote: > > after debugging some OCSP responses, I realized OCSP servers such as > ocsp2.globalsign.com (e.g. http://ocsp2.globalsign.com/gsalphasha2g2 for > AlphaSSL) which uses cloudflare, are denying queries from openssl > > My post, e.g: > POST /gsalphasha2g2 HTTP/1.0 > Content-Type: application/ocsp-request > Content-Length: 122 > {data} > > receives a 403 forbidden from the cloudflare-nginx, with the informative > message that "Direct IP access not allowed". > > I assume the openssl OCSP query, at least when the -url option is used, > can and probably should pick the domain part out and attach as a "Host: > $domainname" header in the Post. >
Custom headers can be added using the -header option to the ocsp utility. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
