On Mon, Oct 29, 2007, Bruce Keats wrote: > Hi, > > I have been trying for a couple of days now to test an OCSP responder, but I > am having problems getting the openssl OCSP client to send the OCSP requests > to the OCSP responder listed in the certificate's AIA. If I use the -url > option with openssl ocsp command, then it will generate the OCSP request, > send the request to the URI and decode and print the results. Here is a > sample command: > > openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/bruce-cert.pem -text > -CAfile /tmp/cacert.pem -url http://192.168.0.185:80 > > This works! > > I would have thought that if I remove the -url option from the command then > openssl would send the OCSP request to the list of OCSP responders in the > Authority Information Access (AIA) extension. Well, it does not. Instead > it just prints out the request and exits. I have tried various options > without success. I have read the man page many times and did some google > searches without finding anything that works. I am sure I am overlooking > the obvious. >
Well the obvious in this case is that that functionality is not currently supported. It will be added at some point though. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
