[squid-users] Possible Bug in squid? [Fwd: Re: [openssl-users] Problem checking certificate with OCSP]
Walter H.
walter.h at mathemainzel.info
Tue Oct 6 05:17:02 UTC 2015
Hello could the following be the reason why
https://revoked.grc.com/
doesn't get any errors, when using SSL-Bump?
Thanks,
Walter
---------------------------- Original Message ----------------------------
Subject: Re: [openssl-users] Problem checking certificate with OCSP
From: "Dr. Stephen Henson" <steve at openssl.org>
Date: Mon, October 5, 2015 17:11
To: openssl-users at openssl.org
--------------------------------------------------------------------------
On Mon, Oct 05, 2015, Walter H. wrote:
> Hello,
>
> attached is the certificate and its chain of https://revoked.grc.com/
>
> doing this:
>
> openssl ocsp -no_nonce -issuer chain.pem -cert cert.pem -text -url
> http://ocsp2.globalsign.com/gsdomainvalg2
>
> goves the following:
>
> OCSP Request Data:
> Version: 1 (0x0)
> Requestor List:
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: 45658DA20174402FF48B3A6AC0BC69208095C7CA
> Issuer Key Hash: 96ADFAB05BB983642A76C21C8A69DA42DCFEFD28
> Serial Number: 112155688D380775DA34C5DF97433ED3F6A7
> Error querying OCSP responsder
> 139928584042312:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server
response
> error:ocsp_ht.c:250:Code=403,Reason=Forbidden
>
> where is the problem for this strange error?
>
Some OCSP responders need the host header, try adding:
-header Host ocsp2.globalsign.com
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the squid-users
mailing list