Oh, that information is worth many horrible hours ! Thanks alot
Andreas ----- Original Message ---- From: rpr4394 <[email protected]> To: [email protected] Sent: Thursday, May 7, 2009 6:01:07 PM Subject: Re: [iText-questions] OCSP and timestamping PDF trouble with PKCS11 provider Paulo Soares-3 wrote: > > Yes, well sort of. Acrobat still complains about the OCSP validity but I > suspect that the problem has to do with the info sent to the responder, > probably the nonce. Should be fixed this weekend. > > Paulo > Paulo - I had the same issue. It appears that Acrobat expects an OCSP nonce to be an Octet string wrapped inside an Octet string - Acrobat double encodes the nonce's in it's OCSP requests this way. Not example RFC 2560 compliant in my opinion - the nonce should be able to be any byte sequence, not have to be a string within a string. Here's a sample ASN1 dump of a "normal" nonce: SEQUENCE { OBJECT IDENTIFIER ocspNonce (1 3 6 1 5 5 7 48 1 2) OCTET STRING 3B 57 B1 F8 C6 E9 3D 07 54 13 84 7B DD 06 94 DE 5A 11 46 9D } } Here is what I had to do to make Acrobat recognize the response - note the Octet string inside the Octet string: SEQUENCE { OBJECT IDENTIFIER ocspNonce (1 3 6 1 5 5 7 48 1 2) OCTET STRING, encapsulates { OCTET STRING 3B 57 B1 F8 C6 E9 3D 07 54 13 84 7B DD 06 94 DE 5A 11 46 9D } } } Thanks, Mark -- View this message in context: http://www.nabble.com/OCSP-and-timestamping-PDF-trouble-with-PKCS11-provider-tp23425269p23429449.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/ ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
