Fixed here, to be merged into post-1.0.2. Thanks:
https://github.com/akamai/openssl/tree/rsalz-monolith/apps
commit 3e3a94bcf03ab5251d95e028dffc14c8a369f2c1
Author: Rob Stradling rob.stradl...@comodo.com
Date: Wed Sep 3 10:42:02 2014 -0400
RT2206: Support issuer in OCSP response signing
The
The attached patches (generated against OpenSSL 0.9.8n and OpenSSL-1.0.0-
beta5) cause openssl ocsp to implicitly trust the Issuing CA Certificate (as
denoted by the -issuer parameter) as a candidate OCSP Response signer. This
non-delegated model is allowed by RFC 2560.
With this patch, it's