Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
> We have no plans to do this. >> May be will put it into your plans ? >>> Doubtful. We have lots of other work to do. Writing a full-strength database-backed OCSP responder is outside of our interests. I decided not wait for you and I have made OSSL Ocsp responder based at index DB - storing/getting some necessary parameters for its operating at Index text DB in my own. Now is for 1.0.2d version. Look at: https://github.com/CpServiceSpb/OpenSSLOcsp.git And a big wishing to you as dev. team is to check code and include to the next nearest release version. Because I need Windows version also, but man, who builds (compiles) OSSL installation for Windows make it for released main versions only (not for forked) . And I don' t have Windows building environment for it at the time. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
Congratulations, sounds like nice work! Ø And a big wishing to you as dev. team is to check code and include to the next nearest release version. I doubt anyone on the team will review the code, and it almost certainly will not become part of OpenSSL. I hope that others are interested and will contribute to your project. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
Ø Why this part of code will never become part of OSSL ? It's not what we do. OpenSSL is a crypto and TLS toolkit. It is not a general PKI solution. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
> ... and it almost certainly will not become part of OpenSSL It sound bad. Why this part of code will never become part of OSSL ? ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
> We have no plans to do this. May be will put it into your plans ? > It would be nice to see something like this as a new open-source project. I am for that by both hands. Burt unfortunatelly I am not a well skilled programmer/developer and I will not do it. I can give the task for that for developers only. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
Ø > We have no plans to do this. May be will put it into your plans ? Doubtful. We have lots of other work to do. Writing a full-strength database-backed OCSP responder is outside of our interests. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
Is it possible to include at nearest developing plans ability of running OpenSSL at Ocsp responder mode as multithreading daemon (Linux) and service (Windows) ? That is to add -daemon switch in conjunction with ocsp and -index (which causes OSSL acting as responder) . And in such way OSSL will serve many incoming OCSP requests in background mode got at listening port in additional current OCSP functional. To improve usability at such ocps reponder daemon mode txt DB file shoud be used; Format of the DB have to be look like index.txt and as followng: StatusSerial Root Cert rkey parameterrcert parameter V1021 /path/Root.pem /path/ocspserver.pem /path/ocspserver.pem V3565 /path/Root.pem /path/ocspserver2.pem/path/ocspserver2.pem So, second parameter is serial number of certificate in OCSP request, Root cert equals -CAfile parameter of openssl ocsp -CAfile, rkey parameter & rcert parameter are respectivelly -rkey and rcert parameters. As follows, multiple certificate "checking" rules can be at Db. And when OSSL starts it loads this DB to a memory, parses requests (as now) and uses CAfile, rkey and rcert from DB for certificate with appropriate serial. Alex. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OpenSSL as OCSP server (responder) as multithreading daemon !
Ø Is it possible to include at nearest developing plans ability of running OpenSSL at Ocsp responder mode as multithreading daemon (Linux) and service (Windows) ? We have no plans to do this. It would be nice to see something like this as a new open-source project. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev