Re: OCSP response signed by self-signed trusted responder validation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The responder isn’t supposed to be self-signed.  It’s supposed to be signed by the CA issuing the certs.  That way you know that the CA “trusts” the responder.

 

Now, having said that, what you want to do is reasonable – think of it as “out of band” trust.  You will probably have to modify the source to support it, however.

 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux