Hi,

I have 2 questions about this implementation.

1) Can the OCSP client put multiple certificates to check in the request? Like this.

----------------------------------------------------------------
$ openssl ocsp -reqin ocsp_req.der -req_text
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 3429CF3BC59A76F61C3296E597B1F9D5F4A52B3A
          Issuer Key Hash: 68DBFBB578936A6704433C981F7ECE61819838C7
          Serial Number: 03
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 3429CF3BC59A76F61C3296E597B1F9D5F4A52B3A
          Issuer Key Hash: 68DBFBB578936A6704433C981F7ECE61819838C7
          Serial Number: D0F00ED53778C7C5
    Request Extensions:
        OCSP Nonce:
            04104C65A6FA1D4839916C3B8C18A4EF2E5D
----------------------------------------------------------------

2) Is signing of the OCSP request by the client available?
I am referring to this:
https://tools.ietf.org/html/rfc6960#section-4.1.2
"The requestor MAY choose to sign the OCSP request."

These 2 functionalities might NOT be needed when we're doing OCSP stapling.
(the server cert to verify by OCSP stapling will always be a single one ...)

Best regards,
Kinichiro Inoguchi
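
Added example (not part of the original message and not code from the implementation under discussion): a minimal Python DER walker for the RFC 6960 OCSPRequest structure that reports which serial numbers a request asks about and whether the optional signature is present. The sample request is constructed from the hash and serial values in the dump above; it omits the nonce extension, the signed variant carries placeholder bytes rather than a real signature, and all function names are hypothetical.

```python
# Constructed inputs: sha1 AlgorithmIdentifier plus the issuer hashes from the dump.
SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")
NAME_HASH = bytes.fromhex("3429CF3BC59A76F61C3296E597B1F9D5F4A52B3A")
KEY_HASH = bytes.fromhex("68DBFBB578936A6704433C981F7ECE61819838C7")

def tlv(tag, body):
    """Encode one DER TLV (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def build_request(serials, signed=False):
    """Constructed sample: one Request per serial, all under the same issuer."""
    reqs = b"".join(
        tlv(0x30, tlv(0x30, SHA1_ALG + tlv(0x04, NAME_HASH) + tlv(0x04, KEY_HASH)
                      + tlv(0x02, s.to_bytes(s.bit_length() // 8 + 1, "big"))))
        for s in serials)
    tbs = tlv(0x30, tlv(0x30, reqs))  # TBSRequest holding only requestList
    # Placeholder bytes stand in for the Signature structure; not a real signature.
    sig = tlv(0xA0, tlv(0x30, b"\x05\x00")) if signed else b""
    return tlv(0x30, tbs + sig)

def summarize(der):
    """Return the requested serials and whether optionalSignature [0] is present."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    parts = children(body)
    req_list = next(v for t, v in children(parts[0][1]) if t == 0x30)
    serials = [int.from_bytes(children(children(req)[0][1])[3][1], "big")
               for _, req in children(req_list)]
    return {"serials": serials, "signed": any(t == 0xA0 for t, _ in parts[1:])}
```

A responder or test harness can use the `serials` count to decide whether it handles multi-certificate requests, and the `signed` flag to decide whether signature verification applies.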