Hi, > I have checked this - it is normal PEM formatted CRL. After upgrading to > 1.1.1a version CRL via HTTP is working well. But... > > It seems that OCSP server downloads CRLs in a little bit different way than > wget. After some tests I discovered, that OpenCA OCSP server connects to > HTTP resource not by name (i.e. http://www.company.com/crl/cacrl.crl), but > by IP address, resolved from http host name (i.e. > http://123.45.67.8/crl/cacrl.crl ). In my configuration I have several > different websites on one IP, so webserver just do not know where to find > this "/crl/cacrl.crl". I think it can be a bug, but I haven't checked > newest version of OpenCA OCSP - 1.5.1. It is uses pthreads, but I just do > not want to install something new on my old FreeBSD 4.11 machine. Can > somebody test such CRL downloading configuration and write here the result?
I had reported that problem some time ago directly, and it should be solved in 1.5.1, OCSPD should send proper Host: HTTP Headers now. Best regards, Philipp Gühring ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
