Hi!, I'm running OpenCA 0.9.1.3 in a RedHat 8.0 envioroment and all is OK, but with the OCSP daemon I have a problem... when I request for a revoked certificated I obtain a
"Responder Error: malformedrequest (1)"
After some test, I think the problem is in X509_REVOKED's extensions. In
ocsp_response.c [line 231]
if( ! r->extensions) continue;
and [line 249]
if( (asn = X509_REVOKED_get_ext_d2i( r, NID_crl_reason, NULL, NULL)) == NULL) { ...
is allways null!!, so loc_r not change, and it's "-1" and the function
ocsp_crl_get_entry allways return a null value. I don't know why is it. The
certificated revoked is a standard certificated, I don't change any
configuration file of ssl. I revoke my certificated in the RA interface (I put
the serial number and the reason), this CRR is exchange to the CA and the
certificated is revoked, then I do a new CRL that export to the RA. Can I
modifie any configuration file or any step?.
I attach the CRL and a revoked certificated
Thanks in advance,
Lucio.
cacrl.pem
Description: Binary data
05.pem
Description: Binary data
