On 3 January 2015 at 21:45, Walter H. <Walter.H at mathemainzel.info> wrote: > On 03.01.2015 18:16, Richard Moore wrote: > > I've now got this working, though to do so I seem to have to take the > certificates supplied in the OCSP response directly out of the certs field > of the OCSP_BASICRESP and add these as intermediates for the verification > too. It feels bad to directly access the internals of this struct but there > doesn't seem to be another way (unless someone can enlighten me). > > Cheers > > Rich. > > the certificate you want to test its validity with OCSP has the same > intermediate CA cert. as the OCSP responder certificate you use in OCSP > response > Simply specifying the intermediates from the certificate chain of the server doesn't appear to actually work - that's what I tried first. Sadly I've not seen any documentation or examples of how to use this part of openssl. Cheers Rich. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20150103/4e5f506f/attachment.html>
