Changes between Initial Version and Version 1 of Ticket #2116, comment 7


Ignore:
Timestamp:
01/02/21 02:14:17 (3 years ago)
Author:
Yan Foto

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2116, comment 7

    initial v1  
    2222This is exactly what I expect OpenSSL to do automatically when verifying the basic reponse ([https://trac.nginx.org/nginx/ticket/2116#comment:3 as its CLI does]).
    2323
    24 Finally, I assume that this is a bug with OpenSSL and not NGINX (so technically not belonging here), but at least I know for sure that was not wrong in assuming that I don't need to pass any extra certificates (thru `ssl_trusted_certificate`) for the OCSP verification to work.
     24Finally, ~~I assume that this is a bug with OpenSSL and not NGINX (so technically not belonging here)~~, but at least I know for sure that was not wrong in assuming that I don't need to pass any extra certificates (thru `ssl_trusted_certificate`) for the OCSP verification to work.
     25
     26**Update**:
     27
     28I just wrote a small program to check OpenSSL API. I could verify that in my small example OpenSSL could easily read and print the certificate included in the OCSP response. So I guess the question remains: ''why doesn't it manage to do the same in NGINX context?''
    2529
    2630----