On Mon, May 30, 2011, Stef Hoeben wrote:

> Hello,
> 
> After getting back an OCSP repsonse, OCSP_basic_verify() says
> it can't find the responder cert in the OCSP response.
> However, the responder cert is present in the response.
> 
> Some more investigation shows that the parts of the DN are inversed:
>  - subject name in the responder ID: "/CN=Test OCSP Responder/C=BE"
>  - subject name in the cert:               "/C=BE/CN=Test OCSP Responder"
> 
> Is this an error in the OCSP responder, in my code or is it a
> limitation of X509_NAME_cmp()?
> 

It's an error in the responder: the order of the DN components is significant.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to