CA/B Forum guideline v1.1.9 (since v1.0.3), Section 13.2.6, demands that an OCSP responder must not return GOOD to a request about an unrecognized serial. This patch implements that by logging the unknown serial and returning UNAUTHORIZED to the client. The serials are provided by a file that is specified in the CA configuration. A timeout option is supplied to reload the file every 'timeout' seconds. The serials file must be plaintext with each serial in hex (without "0x"), delimited by "\n".

The pull request in question is this: https://github.com/openca/openca-ocspd/pull/2
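The behaviour described above (a newline-delimited hex serials file, reloaded every 'timeout' seconds, and UNAUTHORIZED for any serial not in it) can be sketched as follows. This is an added illustration in Python, not the openca-ocspd code from the pull request (which is C): the `SerialList` class, the `ocsp_status` helper, the injectable `loader`/`clock` parameters and the sample serials text are all assumptions made for this example. The `ca_status` callable stands in for whatever the responder already uses to decide GOOD/REVOKED for serials it does know.

```python
import logging
import time

log = logging.getLogger("ocspd.serials")

# Response outcomes; "unauthorized" corresponds to the OCSPResponseStatus
# unauthorized(6) value of RFC 6960 that the patch returns for unknown serials.
GOOD = "good"
REVOKED = "revoked"
UNAUTHORIZED = "unauthorized"


def parse_serials(text):
    """Parse the plaintext serials file: one hex serial per line, no 0x prefix.

    Blank lines are skipped. Anything that is not plain hex raises ValueError so
    a corrupted file is noticed rather than silently shrinking the known set."""
    known = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("0x"):
            raise ValueError(f"line {lineno}: '0x' prefix is not allowed")
        try:
            known.add(int(line, 16))
        except ValueError:
            raise ValueError(f"line {lineno}: not a hex serial: {line!r}") from None
    return known


class SerialList:
    """Set of known serials, re-read from `path` at most every `timeout` seconds.

    `loader` returns the file text (default: read `path`) and `clock` returns a
    time in seconds (default: time.monotonic); both are injectable (an assumption
    of this example) so the reload logic can be exercised without a real file."""

    def __init__(self, path, timeout, loader=None, clock=time.monotonic):
        self.path = path
        self.timeout = timeout
        self._loader = loader or self._read_file
        self._clock = clock
        self._loaded_at = None
        self.serials = set()

    def _read_file(self):
        with open(self.path, encoding="ascii") as fh:
            return fh.read()

    def reload_if_due(self):
        """Reload when `timeout` seconds have elapsed; returns True if a reload ran."""
        now = self._clock()
        if self._loaded_at is not None and now - self._loaded_at < self.timeout:
            return False
        try:
            self.serials = parse_serials(self._loader())
        except (OSError, ValueError) as exc:
            # Keep the previous set rather than an empty one: an empty set would
            # turn every request into UNAUTHORIZED, a self-inflicted outage.
            log.error("serials file %s not reloaded: %s", self.path, exc)
        self._loaded_at = now
        return True

    def __contains__(self, serial):
        self.reload_if_due()
        return serial in self.serials


def ocsp_status(serial, known, ca_status):
    """Unknown serial: log it and answer UNAUTHORIZED instead of GOOD.
    Known serial: defer to the responder's existing status lookup."""
    if serial not in known:
        log.warning("OCSP request for unknown serial %X", serial)
        return UNAUTHORIZED
    return ca_status(serial)


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample serials file contents (not real certificate serials).
    sample = "0A1B\n00FF\n1234\n"
    known = SerialList("serials.txt", timeout=60, loader=lambda: sample)
    revoked = {0x0A1B}  # constructed stand-in for the CA's revocation database
    lookup = lambda s: REVOKED if s in revoked else GOOD
    for s in (0x0A1B, 0xFF, 0xDEAD):
        print(f"{s:X}: {ocsp_status(s, known, lookup)}")
```

Two points worth noting in the design: a failed reload keeps the previously loaded set instead of replacing it with an empty one, and the unknown-serial check runs before the revocation lookup, so a serial the CA never issued can never be reported GOOD even if the revocation database has no entry for it.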


_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
