Guillaume Tamboise wrote:
Hello, I am running OpenCA OCSPD v1.1.0a to validate certificates used by Cisco routers.
[...]
The problem I am having is that with this specific configuration, my certificate is accepted even when it has been revoked. Cisco IOS seems to react that way because the OCSP response coming from OpenCA OCSP would contain an invalid field. In that case, the "ocsp" response is disregarded and the "none" revocation check method would be triggered...
[...]
Ideas?
The CISCO implementation of OCSP is quite picky about the OCSP responses; anyway, it seems something is not working properly, as the contents of the extension should be copied and added to the response.
Could you please send me the CRL and the CA cert for testing your problem?
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
Tel.: +39 (0)11 564 7081
http://security.polito.it Fax: +39 178 270 2077
Mobile: +39 (0)347 7222 365
Politecnico di Torino (EuroPKI)
Certification Authority Informations:
Authority Access Point http://ca.polito.it
Authority's Certificate: http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List: http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------
