OCSP: ocsp.omniroot.com/baltimore/... - what is it exactly?


 



> My webserver is getting flooded with queries like:
> 
> ocsp.omniroot.com 124.205.254.7 - - [30/Apr/2015:19:24:30 +0200] "GET
> /baltimoreroot/MEowSKADAgEAMEEwPzA9MAkGBSsOAwIaBQAEFMEvRXbt
> FVnssF26ib%2BdgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEByekag%3D
> %3D
> HTTP/1.1" 301 184 "-" "ocspd/1.0.3"

Well, that stinks.
 
URL-decoding (%2B is + and %3D is =), and then base64-decoding it, can give you the OCSP request:
;  ./openssl ocsp -text -reqin x.der
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: C12F4576ED1559ECB05DBA89BF9D8078E523D413
          Issuer Key Hash: E59D5930824758CCACFA085436867B3AB5044DF0
          Serial Number: 0727A46A

> Is it possible to say what "Common name / fqdn / certificate" is queried in
> such requests?

Not really.  The protocol assumes that the requestor has the cert, and the server has the serial#, so the protocol sends the minimal information.

Sorry.


