Hi, I'm currently implementing an OCSP responder for use with EAP-TLS. I think I found a case of insufficient algorithm agility. Or I'm doing something wrong, hence my mail to the list here -can someone quickly confirm if I'm on the right track? I have a copy of the request FR 3.0.12 sends and the response I send back: [root@snf-734018 ticker]# openssl ocsp -reqin realrequest.der -req_text OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: DCEB2C72264239201A4A5DF547C78268A1CB33A2 Issuer Key Hash: BC8DDD42F7B3B458E8ECEE403D21D404CEB9F2D0 Serial Number: 0BA50D497E [root@snf-734018 ticker]# openssl ocsp -respin realresponse.der -resp_text OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: O = eduroam, OU = eduroam-as-a-Service, CN = eduroam-as-a-Service Client Auth Issuing CA - Prototype Produced At: Jan 11 08:24:56 2017 GMT Responses: Certificate ID: Hash Algorithm: sha256 Issuer Name Hash: 7A6CC4FC2F34491E91A8764D1F0990FB8FE02FE6FD64713AE4DCE0E731E5B508 Issuer Key Hash: D9CE624ED036FD290E8BDA9A36107D40D37C41DF1BB268741157074D66B3C038 Serial Number: 0BA50D497E Cert Status: good This Update: Jan 11 08:24:56 2017 GMT Next Update: Jan 21 08:24:56 2017 GMT Signature Algorithm: sha256WithRSAEncryption As can be seen, the request is about the same certificate (by serial), and the issuer and key are identical (I verified that out-of-band; it's my own CA and my own response generator. I am sure all is good.). But: FreeRADIUS sends the name and key hashes hashed with SHA1; my resonse does the hashes with SHA256. The result in debug mode is: Wed Jan 11 03:56:13 2017 : Debug: (54) eap_tls: Starting OCSP Request Wed Jan 11 03:56:13 2017 : Debug: (54) eap_tls: ocsp: Using responder URL "http://ocsp-test.hosted.eduroam.org:80/ticker/" Wed Jan 11 03:56:13 2017 : ERROR: (54) eap_tls: ocsp: No Status found Wed Jan 11 03:56:13 2017 : ERROR: (54) eap_tls: ocsp: Certificate has been expired/revoked The Status sits right there in the response: "Cert Status: good" but for some reason FR won't accept it. I believe it would be easy to fix this; calculate the name and key hashes for both algos and check if the response matches any one of those. I thought I could slap you with RFC6960's section 4.3: "Clients that request OCSP services SHALL be capable of processing responses signed using RSA with SHA-256 (identified by the sha256WithRSAEncryption OID specified in [RFC4055]). " but that one only pertains to the signature hash algorithm of the full response (which is sha256, and which does not seem to be the issue here). So, is all that correct? For the moment I will generate responses with SHA1 name and key hashes. But it feels like a step in the wrong direction. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66