On Tue, Aug 17, 2010 at 12:47:26PM +0200, Ulf Wahlqvist wrote:
> I still don't get it. I used Wireshark and found out that the
> certificate sent to the OCSP-responder is the CA-cert, not the
> client-cert to be validated! I am clueless.

The code tries to verify each cert in the client cert chain from issuing CA down to the end-entity client cert with the OCSP responder - this is expected behaviour.

The modssl-users@ was used for discussion of mod_ssl for Apache httpd 1.3. For discussion of OCSP in httpd 2.3 I'd recommend us...@httpd.apache.org - file bugs if you think the code is buggy.

http://issues.apache.org/bugzilla/

Regards, Joe