Dr S N Henson <[EMAIL PROTECTED]> writes:
 
>The Verisign [...] is one I've managed to get a reasonable reply out of. 
>However the certificate is a little odd (invalid encoding of 
>authorityInfoAccess) its certificate is signed by the relevant root CA (which 
>may not be the issuing CA) and the responses appear non standard. 
 
That may be a Netscape-ism, in earlier (and possibly still current) versions 
of their OCSP client they did something funny like requiring that responses be 
signed by some CA cert directly involved in issuing the cert, rather than a 
special OCSP responder cert like other vendors seem to be using.
 
Peter.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
