Hello Mark, thanks for the patches :D They are definitely useful.. I will integrate them soon.. I know the problem with the OpenSSL - but as we are planning on using LibPKI (that allows for direct integration with easy integration with PKCS#11 devices, among other things.. ) I was thinking about delaying the release of the new code a bit.
I will probably check the patch and schedule for a new OCSP release quite soon (before porting the server under LibPKI). Thanks again :D Ciao, Max Mark Ellzey Thomas wrote:
Greetings OpenCA developers! We have recently been looking into utilizing the OpenCA ocsp daemon forour own CA and have found it most useful. We did run into some issues with both bugs and features.After running the daemon under a small bit of load we found that the daemon would crash at random intervals - after a quick glance at the source it seems that OpenSSL was not being initialized in a thread safe manner. This fix is included within the patch. We also needed the ability for the code to handle GET style methods for ocsp requests. After looking over the current http handling code it was determined that cleaning up and re-factoring the http processing functionality may be in order. This was also included within the patch. In order to facilitate the GET requests I had to add a new flag "-u" where an administrator can specify the root URI (e.g., -u /ocsp/) so thecode knows to read the encoded data found afterwards.I hope that you find these changes useful, and I thank you for the great project! ~Mark
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel
