Max,
I tested the latest code given by Mark and it works great. Just a
FYI, Get requests are ecoded slashes for e.g.:-
194.186.53.31 - - [08/Jun/2009:13:41:07 -0400] "GET
/ocsp/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTlXreDlf9xPB%2F%2BlgIfsGHd3PkLhgQUYaaZbS
SfDh
GI5jng%2FnTRBWlSqUMCBHAABjw%3D HTTP/1.1" 200 2389 0 "-"
"Microsoft-CryptoAPI/6.0"
Please update the documentation to configure apache, add the following
information in httpd.conf otherwise apache webserver will get a 404 error:-
AllowEncodedSlashes On
ProxyRequests Off
ProxyPass /ocsp _http://localhost:2560/ocsp_ (http://localhost:2560/ocsp)
nocanon
ProxyPassReverse /ocsp _http://localhost:2560/ocsp/_
(http://localhost:2560/ocsp/) nocanon
Thanks
Ajay
In a message dated 6/8/2009 12:43:40 Eastern Daylight Time,
massimiliano.p...@dartmouth.edu writes:
Hello Mark,
thanks for the patches :D They are definitely useful.. I will integrate
them soon.. I know the problem with the OpenSSL - but as we are planning
on using LibPKI (that allows for direct integration with easy integration
with PKCS#11 devices, among other things.. ) I was thinking about delaying
the release of the new code a bit.
I will probably check the patch and schedule for a new OCSP release quite
soon (before porting the server under LibPKI).
Thanks again :D
Ciao,
Max
Mark Ellzey Thomas wrote:
> Greetings OpenCA developers!
>
> We have recently been looking into utilizing the OpenCA ocsp daemon for
> our own CA and have found it most useful.
>
> We did run into some issues with both bugs and features.
>
> After running the daemon under a small bit of load we found that the
> daemon would crash at random intervals - after a quick glance at the
> source it seems that OpenSSL was not being initialized in a thread safe
> manner. This fix is included within the patch.
>
> We also needed the ability for the code to handle GET style methods for
> ocsp requests. After looking over the current http handling code it was
> determined that cleaning up and re-factoring the http processing
> functionality may be in order. This was also included within the patch.
>
> In order to facilitate the GET requests I had to add a new flag "-u"
> where an administrator can specify the root URI (e.g., -u /ocsp/) so the
> code knows to read the encoded data found afterwards.
>
> I hope that you find these changes useful, and I thank you for the great
> project!
>
> ~Mark
----------------------------------------------------------------------------
--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
**************A Good Credit Score is 700 or Above. See yours in just 2 easy
steps!
(http://pr.atwola.com/promoclk/100126575x1222585043x1201462775/aol?redir=http://www.freecreditreport.com/pm/default.aspx?sc=668072&hmpgID=62&bcd=
JunestepsfooterNO62)
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
