Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Ok, so gnutls-cli from libgnutls 3.2 has a --ocsp parameter, that turns on ocsp. And it sort of "works":

    $ gnutls-cli -p 443 --ocsp revoked.grc.com
    (..)
    Resolving 'revoked.grc.com'...
    Connecting to '4.79.142.205:443'...
    - Certificate type: X.509
    - Got a certificate list of 2 certificates.
    - Certificate[0] info:
    (...)
    - Status: The certificate is trusted.
    Connecting to OCSP server: ocsp.digicert.com...
    Resolving 'ocsp.digicert.com'...
    Connecting to '93.184.220.29:80'...
    *** Verifying OCSP Response: Failure, Signature failure.
    *** OCSP response ignored
                      ^^^^^^^ ! WTF?
So, by working, I mean that it doesn't work.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: