> negotiation to [h2] via ALPN
> 28-Jun-2019 14:05:04.640 INFO [main] org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["https-openssl-nio2-8443"]
> 28-Jun-2019 14:05:04.877 INFO [main]
> org.apache.catalina.startup.Catalina.load Initializa
ctory [/opt/apache-tomcat.base/webapps/ROOT]
28-Jun-2019 14:05:08.827 WARNING [localhost-startStop-1]
org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of
SecureRandom instance for session ID generation using [SHA1PRNG] took [3,029]
milliseconds.
28-Jun-2019 14:05:08.876 I
certificateChainFile="/.../chain.pem"
> type="RSA" />
>
>
>
> Mark
>
I’m lost. My conf is pretty much similar.
JAVA_OPTS are set (startup logs show 17-Jun-2019 16:46:48.497 INFO [main]
org.apache.cat
On 17/06/2019 15:51, logo wrote:
> Mark,
>
>
> Am 2019-06-17 16:29, schrieb Mark Thomas:
>> On 17/06/2019 15:15, logo wrote:
>>> Hi Mark,
>>>
>>> having been in contact with Усманов, I can confirm your summary.
>>>
>>> May I add my question from February with additional info to this thread:
>>>
n err;
break;
default:
err = 1; /* we shouldn't have any errors */
break;
}
asn1+=len;
}
return err;
}
/* the main function that gets the ASN1 encoding string and returns
a pointer to a NULL terminated "array" of cha
TATUS_UNKNOWN;
>>> }
>>>
>>> /* if we can't get the issuer, we cannot perform OCSP
>>> verification */
>>> issuer = X509_STORE_CTX_get0_current_issuer(ctx);
>>> if (issuer != NULL) {
>>> r = ssl_ocsp_request(cert, issuer, ctx);
>>&g
sp_urls,
nocsp_urls, p);
}
break;
case ASN1_OID:
err = parse_ASN1_OID(asn1,ocsp_urls,nocsp_urls, p);
return err;
break;
default:
err = 1; /* we shouldn't have any errors */
break;
*nocsp_urls = new_nocsp_urls;
> *(*ocsp_urls + *nocsp_urls) = NULL;
> if ((ocsp_url = apr_palloc(p, len + 1)) == NULL) {
> err = 1;
> }
> else {
> memcpy(ocsp_url, asn1, len);
>
err = parse_ASN1_OID(asn1,ocsp_urls,nocsp_urls, p);
return err;
break;
default:
err = 1; /* we shouldn't have any errors */
break;
}
asn1+=len;
}
return err;
}
/* the main function that gets the ASN1 encoding str
2018]
От: Christopher Schultz
Отправлено: 23 мая 2019 г. 18:04:29
Кому: Усманов Азат Анварович
Тема: Re: OCSP with openSSL
Азат,
On 5/22/19 14:02, Усманов Азат Анварович wrote:
> [root] ~# openssl version
> OpenSSL 1.1.1a 20 Nov 2018
Great. Is thi
rc2-ecb rc2-ofb
rc4 rc4-40seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
zlib
[root] ~# openssl ocsp -help
Usage: ocsp [options]
Valid options
k1.7.0_79
> -with-ssl=/usr/local/openssl && make && make install && make clean
> I'm not sure how to specify any ocsp related configure options
> when building tomcat nativefrom source
What is your OpenSSL version and capabilities?
$ openssl version
$ ope
specify any ocsp related configure options when building
tomcat nativefrom source
От: Mark Thomas
Отправлено: 22 мая 2019 г. 13:41
Кому: users@tomcat.apache.org
Тема: Re: OCSP with openSSL
On 22/05/2019 11:28, Усманов Азат Анварович wrote:
> Hi everyon
On 22/05/2019 11:28, Усманов Азат Анварович wrote:
> Hi everyone! I have a web app running on tomcat and java 7 using apr for TLS
> related issues. I m still unable to have OCSP verification working with
> tomcat.
> I have tried running tcpdump on the server but don't' see any Comodo related
responder address http://ocsp.comodoca.com
I thought that my issues were caused by the fact the server in question
sits behind a proxy but I just tested ocsp stapling manually via OpenSSL ocsp
utility and it working properly when invoked through the command line
openssl ocsp -no_nonce
15 matches
Mail list logo