On 18.02.15 at 13:19, Stephan Mühlstrasser wrote:
Unfortunately the -no_explicit command line option is not documented:
https://www.openssl.org/docs/apps/ocsp.html
What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using the
-no_explicit command line option. What exactly is
As there is no documentation and as no one seems to know the meaning of
the -no_explicit for openssl ocsp, should I file a documentation defect in
RT for that?
yes, please.
On Wed, Feb 18, 2015, Stephan Mühlstrasser wrote:
What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using
the -no_explicit command line option. What exactly is checked by
the X509_check_trust() call above with respect to the relevant RFCs?
If the responder root CA is set to be
On Tue, Feb 24, 2015, Stephan Mühlstrasser wrote:
Do I understand it correctly then that a local configuration of
OCSP signing authority here means that it is a deliberate choice
inside OpenSSL itself to look for the OCSPSigning flag in the
extended key usage of the root CA, although RFC
On 24.02.2015 at 16:19, Salz, Rich wrote:
As there is no documentation and as no one seems to know the meaning of
the -no_explicit for openssl ocsp, should I file a documentation
defect in RT for that?
yes, please.
Never mind, Stephen already fixed the doc in master :)
Sorry, I sent
As there is no documentation and as no one seems to know the meaning of
the -no_explicit for openssl ocsp, should I file a documentation
defect in RT for that?
yes, please.
Never mind, Stephen already fixed the doc in master :)
On 24.02.15 at 14:47, Dr. Stephen Henson wrote:
If the responder root CA is set to be trusted for OCSP signing then it can be
used to sign OCSP responses for any certificate (aka a global responder). This
comes under:
1. Matches a local configuration of OCSP signing authority for the
Hi,
I have a question about the behavior of OCSP_basic_verify() and the
meaning of the OCSP_NOEXPLICIT flag. The OCSP_basic_verify() function is
the only place where this flag has an effect in the whole OpenSSL
source, and in the openssl ocsp application it can be set with the
-no_explicit