> [[email protected] - Tue Jul 26 10:00:04 2011]: > > Hello, > > Checking a certificate using ocsp, example: > openssl ocsp -CAfile CA.cert -issuer CA.cert -cert test.cert -url > http://ocspserver:port > > Fails if remote OCSP server is using virtual host (vhost), like a > reverse proxy leading to the real OCSP server. > > The problem is that openssl check does not include a HOST header in the > HTTP request. > > I took some info from Apache httpd project (modules/ssl/ssl_util_ocsp.c) > and have made a quick patch against 1.0.0d that include the HOST header. > I tested it and works. Find it attached. >
This functionality is already present in OpenSSL 1.0.0 and later. Check out the -header option to the ocsp utility. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
