OCSP_response_status

On 05-01-16 21:23, rosect190 at yahoo.com wrote:
> Hi, I am using OCSP_response_status(..) to check the OCSP result. My
> openssl is of version 1.0.1h.
>
> It is noticed that if the response has some issue, for example, the ocsp
> server can not be contacted and thus the request is timed out (this can
> be handled separately.) or if the Responder URL path is not correct, the
> call to OCSP_response_status(..) will generate a Segmentation fault.

If you pass incorrect data to OCSP_response_status(), things may go 
wrong. So don't do that, then :-)

Instead, the HTTP library which you use should be able to inform you if 
the HTTP request failed for some reason. When it does, don't call 
OCSP_response_status()...

(also, make sure to call OCSP_basic_verify() before accepting the result 
of OCSP_response_status() at face value, because the latter checks the 
signature while the former does not).

-- 
Wouter Verhelst

