On Mon, May 30, 2011, Stef Hoeben wrote: > Hello, > > After getting back an OCSP repsonse, OCSP_basic_verify() says > it can't find the responder cert in the OCSP response. > However, the responder cert is present in the response. > > Some more investigation shows that the parts of the DN are inversed: > - subject name in the responder ID: "/CN=Test OCSP Responder/C=BE" > - subject name in the cert: "/C=BE/CN=Test OCSP Responder" > > Is this an error in the OCSP responder, in my code or is it a > limitation of X509_NAME_cmp()? >
It's an error in the responder: the order of the DN components is significant. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org