Hello, Ouch... I have seen the "-header" in the code, but don't know how to use it. It does not appear in the help, nor in the web documentation: http://www.openssl.org/docs/apps/ocsp.html
# openssl version OpenSSL 1.0.0d 8 Feb 2011 # openssl ocsp --help OCSP utility Usage ocsp [options] where options are -out file output filename -issuer file issuer certificate -cert file certificate to check -serial n serial number to check -signer file certificate to sign OCSP request with -signkey file private key to sign OCSP request with -sign_other file additional certificates to include in signed request -no_certs don't include any certificates in signed request -req_text print text form of request -resp_text print text form of response -text print text form of request and response -reqout file write DER encoded OCSP request to "file" -respout file write DER encoded OCSP reponse to "file" -reqin file read DER encoded OCSP request from "file" -respin file read DER encoded OCSP reponse from "file" -nonce add OCSP nonce to request -no_nonce don't add OCSP nonce to request -url URL OCSP responder URL -host host:n send OCSP request to host on port n -path path to use in OCSP request -CApath dir trusted certificates directory -CAfile file trusted certificates file -VAfile file validator certificates file -validity_period n maximum validity discrepancy in seconds -status_age n maximum status age in seconds -noverify don't verify response at all -verify_other file additional certificates to search for signer -trust_other don't verify additional certificates -no_intern don't search certificates contained in response for signer -no_signature_verify don't check signature on response -no_cert_verify don't check signing certificate -no_chain don't chain verify response -no_cert_checks don't do additional checks on signing certificate -port num port to run responder on -index file certificate status index file -CA file CA certificate -rsigner file responder certificate to sign responses with -rkey file responder key to sign responses with -rother file other certificates to include in response -resp_no_certs don't include any certificates in response -nmin n number of minutes before next update -ndays n number of days before next update -resp_key_id identify reponse by signing certificate key ID -nrequest n number of requests to accept (default unlimited) -<dgst alg> use specified digest in the request Regards, Carlos Velasco Stephen Henson via RT on 26/07/2011 11:58 wrote: > > This functionality is already present in OpenSSL 1.0.0 and later. Check > out the -header option to the ocsp utility. > > Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
