Ciao Alex,
my concerns about publishing CRLs over HTTPS are based on the fact that
if you do that, the OCSPD will probably have no problems, but other
apps will - as that URL (HTTPS) will be used by many other apps besides
the OCSP, it is wise to consider it carefully before doing so :D
About th
h this is completely up to
you.
Cheers,
Alex
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Massimiliano Pala
Sent: Tuesday, December 04, 2007 04:17
To: OpenCA Developers
Subject: Re: [OpenCA-Devel] HTTPS support for OCSPD
Hi Alex,
sorry for the del
Hi Alex,
sorry for the delay in my answer. Indeed I have seen that you already sent the
code in the list. I am actually in the process (well, I should start in the next
few weeks) to port the OCSPD to use LibPKI to simplify key management and hardware
integration. I am not sure if I want to integ
Hi Alex,
actually I would suggest to NOT USE HTTPS for publishing CRLs. First of all,
CRLs are signed, the authentication is in the data itself. Second of all, you
may incur in a "I can't verify the SSL certificate presented by the server
because I need the CRL in order to proceed".
This may not
OK,
Although I haven't got any response to my previous mail, I'll dare to
share my code with you anyway (just in case somebody finds it useful).
Diffs for modified .c and .h files are attached.
All modifications are under #ifdef USE_CURL (or #ifndef USE_CURL), so
essentially you can decide at com
Okay... guess it's time to have a look again at the new version ;-)
Alex Agranov wrote:
Hi Eddy,
I’m pretty new to the code, but as far as I can tell, OCSPD doesn’t
make any use of the index.db file.
The corresponding line from the ocspd.conf is never actually read by
OCSPD code (I’m lookin
d OCSPD works pretty fine.
Cheers,
Alex
From: Eddy Nigg (StartCom Ltd.) [mailto:[EMAIL PROTECTED]
Sent: Monday, October 29, 2007 11:17
To: Alex Agranov
Subject: Re: [OpenCA-Devel] HTTPS support for OCSPD
Thanks Alex, now I understand as everything else woul
Hi Alex,
I'm just thinking aloud: why should OCSP be served over https? Isn't the
response signed anyway? I'm interested to know what led you to add
https, perhaps something I didn't think about?
Alex Agranov wrote:
Hi,
I did a small change to the OCSPD v1.5.1rc1 source code that repla
From: Eddy Nigg (StartCom Ltd.) [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 28, 2007 16:13
To: OpenCA Developers
Cc: Alex Agranov
Subject: Re: [OpenCA-Devel] HTTPS support for OCSPD
Hi Alex,
I'm just thinking aloud: why should OCSP be served over https? Isn't the response
signed a
Hi,
I did a small change to the OCSPD v1.5.1rc1 source code that replaces built-in
HTTP protocol implementation by a cURL library. Major purpose for this change -
support of HTTPS protocol as well as authentication support for HTTP. I checked
the modified code in my environment and it seems to