Hi,

We use openssl ocsp to make certificate checks in an application inside
our company, and openssl has to do the check through the company proxy.
We have seen that openssl doesn't use the http_proxy environment variable,
nor does it have any parameter for using a proxy. Also, we have seen that
squid (which is the proxy our company uses) doesn't implement the ocsp
protocol (http://devel.squid-cache.org/ssl/), I think.

Is there any way to use ocsp through a squid proxy?

As openssl doesn't support a proxy, I've managed to tunnel it through our
proxy with proxychains (http://proxychains.sourceforge.net/), and we
received the following error message in our squid log:

127.0.0.1 - - [29/Oct/2010:12:27:39 +0200] "CONNECT 213.170.35.240:80 HTTP/1.0" 403 1440 "-" "-" TCP_DENIED:NONE

We've tested it with the following commands and both give the same
result:

proxychains openssl ocsp -CAfile /tmp/acraiz-dnie.cer \
    -issuer /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_i.pem \
    -cert /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_c.pem \
    -url http://ocsp.dnie.es

proxychains openssl ocsp -CAfile /tmp/acraiz-dnie.cer \
    -issuer /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_i.pem \
    -cert /tmp/7c76ee6e3713d8a54bdcb39ff4237fc6cert_c.pem \
    -host ocsp.dnie.es:80 -url http://ocsp.dnie.es

Thanks for any clue and regards,

Fernando.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
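
The squid log line in the post shows a CONNECT to port 80 being denied; OCSP over HTTP is an ordinary POST (RFC 6960, Appendix A), so a request can instead be sent to the proxy in absolute-URI form. The sketch below is an added example, not part of the original post or of OpenSSL. It assumes the proxy permits plain HTTP POSTs to the responder and that the DER request was written beforehand with `openssl ocsp -reqout`; the helper name and command-line layout are hypothetical.

```python
"""Added example: send a prebuilt OCSP request through a forward HTTP proxy.

OCSP over HTTP (RFC 6960, Appendix A) is an ordinary POST, so it can be sent
to the proxy in absolute-URI form; no CONNECT tunnel is involved.
"""
import http.client
import sys
from urllib.parse import urlsplit

OCSP_REQ_TYPE = "application/ocsp-request"
OCSP_RESP_TYPE = "application/ocsp-response"


def ocsp_post_via_proxy(proxy_host, proxy_port, responder_url, der_request,
                        timeout=10):
    """Hypothetical helper: POST der_request via the proxy, return DER reply."""
    parts = urlsplit(responder_url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an http:// responder URL")
    # The absolute URI on the request line tells the proxy where to forward.
    target = responder_url if parts.path else responder_url + "/"
    conn = http.client.HTTPConnection(proxy_host, proxy_port, timeout=timeout)
    try:
        conn.request("POST", target, body=der_request,
                     headers={"Host": parts.netloc,
                              "Content-Type": OCSP_REQ_TYPE})
        resp = conn.getresponse()
        body = resp.read()
        ctype = (resp.getheader("Content-Type") or "").split(";")[0].strip()
    finally:
        conn.close()
    if resp.status != 200:
        raise RuntimeError(f"proxy or responder returned HTTP {resp.status}")
    if ctype.lower() != OCSP_RESP_TYPE:
        # A proxy error page must never be mistaken for an OCSP answer.
        raise RuntimeError(f"unexpected Content-Type {ctype!r}")
    return body


if __name__ == "__main__":
    # Usage: script.py PROXY_HOST PROXY_PORT RESPONDER_URL req.der resp.der
    # req.der comes from `openssl ocsp ... -reqout req.der`; check resp.der
    # afterwards with `openssl ocsp ... -respin resp.der` so the signature
    # and certificate status are still validated by openssl.
    host, port, url, req_path, resp_path = sys.argv[1:6]
    with open(req_path, "rb") as fh:
        reply = ocsp_post_via_proxy(host, int(port), url, fh.read())
    with open(resp_path, "wb") as fh:
        fh.write(reply)
```

The script only transports the bytes; trust decisions stay with `openssl ocsp`, which still has to verify the saved response.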