Re: Why is this OCSP response reporting a hash using SHA1?

On 09/11/2017 12:23 PM, Salz, Rich via openssl-users wrote:
>> Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
>> least the server should have some control over the hash used?
>
> Well, it is the client that is making the request, so therefore the client needs to hash the cert information.

Ah, I see.  I was looking at this from the wrong side.

> A production-quality OCSP responder might have configuration controls to specify which type of digests it wants to see in the request.  As with most of the OpenSSL command-line interface, it’s not a product.

Understood. This is mostly about providing a development/testing environment. And if your standard calls out use of OCSP, then you really should include that in testing. I am getting ready to focus on the IETF Singapore hackathon...

I would actually really like to have a SIMPLE OCSP responder. But so far have not found one. freeIPA has one buried within it, but that is too disruptive to install unless you buy into freeIPA.

thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
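
An added example, not part of the original thread: it builds an OCSP request with and without `-sha256` and reads back the CertID hash algorithm, showing that the requester picks the digest (SHA-1 is the `openssl ocsp` default). It assumes `openssl` is on the PATH; the CA, leaf certificate, subject names and file names are constructed throwaway values.

```shell
#!/bin/sh
# Added example: throwaway CA and leaf certificate, constructed for this demo.
set -e

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_test_pki() {
  # Self-signed test CA (constructed subject name).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$workdir/ca.key" -out "$workdir/ca.pem" 2>/dev/null
  # Leaf certificate issued by that CA, with a fixed constructed serial.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.test" \
    -keyout "$workdir/leaf.key" -out "$workdir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$workdir/leaf.csr" -days 1 \
    -CA "$workdir/ca.pem" -CAkey "$workdir/ca.key" -set_serial 4096 \
    -out "$workdir/leaf.pem" 2>/dev/null
}

# request_hash_alg [digest-flag]
# Builds an OCSP request for the leaf and prints the CertID "Hash Algorithm".
# The digest flag (for example -sha256) must come before -cert: openssl hashes
# the issuer name and issuer key at the moment it processes each -cert option.
request_hash_alg() {
  openssl ocsp -issuer "$workdir/ca.pem" ${1:+"$1"} \
    -cert "$workdir/leaf.pem" -no_nonce -req_text 2>/dev/null |
    awk -F': *' '/Hash Algorithm/ { print $2; exit }'
}

make_test_pki
echo "default request: $(request_hash_alg)"
echo "with -sha256:    $(request_hash_alg -sha256)"
```

No responder is contacted here; the request is only built and printed, which is enough to check what digest a client is putting in its CertID before pointing it at a test responder.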



