Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Stephan Mühlstrasser
On 24.02.2015 at 16:19, Salz, Rich wrote: As there is no documentation and as no one seems to know the meaning of the -no_explicit for "openssl ocsp", should I file a documentation defect in RT for that? yes, please. Never mind, Stephen already fixed the doc in master :) Sorry, I sent alrea

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Dr. Stephen Henson
On Tue, Feb 24, 2015, Stephan Mühlstrasser wrote: > > Do I understand it correctly then that "a local configuration of > OCSP signing authority" here means that it is a deliberate choice > inside OpenSSL itself to look for the OCSPSigning flag in the > extended key usage of the root CA, although

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Stephan Mühlstrasser
On 24.02.15 at 14:47, Dr. Stephen Henson wrote: If the responder root CA is set to be trusted for OCSP signing then it can be used to sign OCSP responses for any certificate (aka a global responder). This comes under: 1. Matches a local configuration of OCSP signing authority for the c

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Salz, Rich
> > As there is no documentation and as no one seems to know the meaning of > > the -no_explicit for "openssl ocsp", should I file a documentation > > defect in RT for that? > > yes, please. Never mind, Stephen already fixed the doc in master :)

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Salz, Rich
> As there is no documentation and as no one seems to know the meaning of > the -no_explicit for "openssl ocsp", should I file a documentation defect in > RT > for that? yes, please.

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Dr. Stephen Henson
On Wed, Feb 18, 2015, Stephan Mühlstrasser wrote: > > What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using > the "-no_explicit" command line option. What exactly is checked by > the X509_check_trust() call above with respect to the relevant RFCs? > If the responder root CA is set

Re: [openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-24 Thread Stephan Mühlstrasser
On 18.02.15 at 13:19, Stephan Mühlstrasser wrote: Unfortunately the "-no_explicit" command line option is not documented: https://www.openssl.org/docs/apps/ocsp.html What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using the "-no_explicit" command line option. What exactly is che

[openssl-users] Meaning of OCSP_NOEXPLICIT for OCSP_basic_verify()

2015-02-18 Thread Stephan Mühlstrasser
Hi, I have a question about the behavior of OCSP_basic_verify() and the meaning of the OCSP_NOEXPLICIT flag. The OCSP_basic_verify() function is the only place where this flag has an effect in the whole OpenSSL source, and in the "openssl ocsp" application it can be set with the "-no_explicit