Dr. Stephen Henson
Fri, 12 Mar 2010 03:40:49 -0800
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote: > Hi everyone, > > we are currently trying to verify an ocsp response. > The return is "Response verify OK" but we need to verify the signature > algorithm of the response signature. > We tried putting the response into an DER and parsing it. But still no > information about the signature. > There are signature algorithm printed, but those are the ones of the > certificates. Or am I wrong? > > Is there a way to only print the signature of the response? >
It should print the signature algorithm and signature just before the certificates. See the OCSP_RESPONSE_print() function in ocsp_prn.c. Are you using an old version of OpenSSL? > I've added the response for further information. > Any help would be appreciated! > Would be more useful if you'd attached the DER response i.e. response-2.der, can you send that? > S999D003:/tmp/ocsp # openssl ocsp -respin response-2.der -text [snip] Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org