Re: About finding OCSP response signer

[Wu Junwei]

Hi,Steve,   Thanks for your kindly answer.     But, I am still not very clear.   In my understinding    I think responder may be not the signer of the reponse because the CA of the certificate in question can sign the response itself.   The public key got from the responder's certificate is  X509_PUBKEY *key in X509_CINF struct in X509 struct. I think this public key should be the public key of the responder itself.   So I still can not understand why the signer's public key must be the public key of the responder. Especially , when the CA signs the response itself.     What step do you think in my understanding is wrong or not totally correct?     Thanks,   wjw   ----- Original Message ----- From: Dr. Stephen Henson To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 8:47 PM Subject: Re: About finding OCSP response signer On Fri, May 30, 2003, Wu Junwei wrote: > Hi,Steve, >     Do you mean the ResponderID is not the public key/name hash of the > responder's certificate. > In fact, it is the public key/name hash of the signer of the response . > No they are both the same: the responders certificate contains the public key of the signer of the response. Steve. -- Dr Stephen N. Henson. Core developer of the   OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project                                 http://www.openssl.org User Support Mailing List                    [EMAIL PROTECTED] Automated List Manager                           [EMAIL PROTECTED]