[EMAIL PROTECTED] - Fri Feb 28 15:35:44 2003]: > Hi, > > we discovered a problem with the openssl ocsp HTTP > client: when doing "openssl ocsp -issuer issuer.pem > -cert cert.pem -url http://ocspserver/ocsp -port 80 > -CAfile ca.pem" towards a server that returns as first > line "HTTP/1.1 200 ", and not "HTTP/1.1 200 OK", then > the error "Error querying OCSP responsder" is > returned. > > In the HTTP/1.1 RFC (2616), in sections 6.1 and 6.1.1, > we find following definitions: > > Status-Line = HTTP-Version SP Status-Code SP > Reason-Phrase CRLF > > Reason-Phrase = *<TEXT, excluding CR, LF> > > > This indicates that Reason-Phrase can be empty (* > indicates 0 or more). > > The openssl code in crypto/ocsp/ocsp_ht.c however > requires a non-empty reason-code to be present, making > it fail for ocsp requests towards an ocsp server that > returns an emtpy Reason-Phrase (e.g. "HTTP/1.1 200 ", > including the trailing space). It can be fixed by > applying attached patch (actually a diff to > crypt/ocsp/ocsp_ht.c, version 0.9.7a). >
I've commited your fix. Thanks for the report. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
