OCSP parsing in client certificate

Beltramini Francesco Francesco.Beltramini at ema.europa.eu
Mon Apr 22 12:45:55 CEST 2013


Thanks for the explanation. 

I know that you didn't implement openssl :-), however, as I said and running it manually, openssl does say that there is OCSP information on the certificate.

[root at host ~]# openssl x509 -in beltraminif.cer -noout -ocspid -ocsp_uri
returns the correct value http://crl.ema.europa.eu/ocsp

Thanks,

F.



-----Original Message-----
From: freeradius-users-bounces+francesco.beltramini=ema.europa.eu at lists.freeradius.org [mailto:freeradius-users-bounces+francesco.beltramini=ema.europa.eu at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 19 April 2013 18:31
To: FreeRadius users mailing list
Subject: Re: OCSP parsing in client certificate

Beltramini Francesco wrote:
> Ok I see what you mean. 
> However, in my first mail I've also specified that: 
> 
> openssl x509 -in beltraminif.cer -noout -ocspid -ocsp_uri returns 
> http://crl.ema.europa.eu/ocsp (which is the correct url)
> 
> Do you know what kind of parsing is radius asking to openssl ? 

  The normal OpenSSL certificate parsing.

  We didn't implement OpenSSL, and we don't know a lot about it.  If OpenSSL says there's no OCSP information in the certs, it's an OpenSSL issue.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

________________________________________________________________________
This e-mail has been scanned for all known viruses by European Medicines Agency.
________________________________________________________________________


More information about the Freeradius-Users mailing list