On Tue, Jul 28, 2009, Randy Turner wrote: > Is the OCSP response verification algorithm described below implemented > exclusively by OpenSSL, or is the algorithm an implementation > of a particular RFC algorithm? >
It is follows the rules in RFC2560. The CA signing and delegate signing are taked directly from RFC2560. It also allows a CA which "Matches a local configuration of OCSP signing authority for the certificate in question" and that's the "global responder" configuration option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
