Hi, we discovered a problem with the openssl ocsp HTTP client: when doing "openssl ocsp -issuer issuer.pem -cert cert.pem -url http://ocspserver/ocsp -port 80 -CAfile ca.pem" towards a server that returns as first line "HTTP/1.1 200 ", and not "HTTP/1.1 200 OK", then the error "Error querying OCSP responsder" is returned.
In the HTTP/1.1 RFC (2616), in sections 6.1 and 6.1.1, we find the following definitions:

    Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
    Reason-Phrase = *<TEXT, excluding CR, LF>

This indicates that Reason-Phrase can be empty (* indicates 0 or more). The openssl code in crypto/ocsp/ocsp_ht.c however requires a non-empty reason-code to be present, making it fail for ocsp requests towards an ocsp server that returns an empty Reason-Phrase (e.g. "HTTP/1.1 200 ", including the trailing space).

It can be fixed by applying attached patch (actually a diff to crypto/ocsp/ocsp_ht.c, version 0.9.7a).

Regards,
Peter

OpenSSL Project, Development Mailing List, http://www.openssl.org
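The status-line handling described in the message above, as an added example that is not part of the original post and is not OpenSSL's code: a C parser that follows the RFC 2616 grammar and accepts an empty Reason-Phrase. The name `parse_status_line` is hypothetical; the sketch assumes an HTTP/1.x version with a single-digit minor number and also tolerates a line that ends right after the status code.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse an HTTP/1.x Status-Line (RFC 2616, section 6.1):
 *   Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
 * Returns the 3-digit status code, or -1 if the line is malformed.
 * *reason points at the Reason-Phrase inside line; it may be "".
 * The buffer is modified: the trailing CR/LF is cut off. */
int parse_status_line(char *line, const char **reason)
{
    size_t n = strlen(line);
    const unsigned char *p;

    /* Strip only CR/LF. The trailing SP must survive, since it is the
     * separator in front of an empty Reason-Phrase. */
    while (n > 0 && (line[n - 1] == '\r' || line[n - 1] == '\n'))
        line[--n] = '\0';

    /* Assumption: HTTP/1.<single digit>, e.g. HTTP/1.0 or HTTP/1.1. */
    if (strncmp(line, "HTTP/1.", 7) != 0 || !isdigit((unsigned char)line[7]))
        return -1;
    if (line[8] != ' ')
        return -1;
    p = (const unsigned char *)line + 9;

    /* Status-Code = 3DIGIT; || short-circuits at the terminating NUL. */
    if (!isdigit(p[0]) || !isdigit(p[1]) || !isdigit(p[2]))
        return -1;

    /* After the code: SP then Reason-Phrase (zero or more chars).
     * A bare end of line (no SP at all) is tolerated as well. */
    if (p[3] == ' ')
        *reason = (const char *)p + 4;
    else if (p[3] == '\0')
        *reason = (const char *)p + 3;
    else
        return -1;                 /* e.g. "2000" or "200OK" */
    return (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
}

int main(void)
{
    char line[] = "HTTP/1.1 200 \r\n";   /* constructed sample response */
    const char *reason;
    int code = parse_status_line(line, &reason);
    printf("code=%d reason=\"%s\"\n", code, code < 0 ? "" : reason);
    return 0;
}
```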
