crtsh / certwatch_db

Database schema
https://crt.sh/
GNU General Public License v3.0

Error in OCSP check #58

Closed RufusJWB closed 5 years ago

RufusJWB commented 5 years ago

When I check the OCSP response for a certain certificate I receive the error message

asn1: structure error: tags don't match (16 vs {class:0 tag:28 length:104 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} responseASN1 @2

Does this mean there is a problem with the OCSP responder or is there a problem in crt.sh?

robstradling commented 5 years ago

Find the issuing CA on https://crt.sh/ocsp-responders, then click the link in the "B" column...

https://crt.sh/ocsp-response?caID=1687&url=http%3A%2F%2Focsp.digicert.com&request=randomserial

At least in this example, the OCSP responder is returning HTML instead of an OCSP response.

I suspect that the OCSP responder is behaving similarly for https://crt.sh/?id=114257231&opt=ocsp, perhaps because the cert has expired.
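
Added example (not part of the thread and not crt.sh's code): the numbers in the error message above are the two bytes `<h` read as a DER header (0x3C is class 0, constructed, tag 28; 0x68 is a short-form length of 104), which is how an HTML body looks to an ASN.1 parser expecting a SEQUENCE (tag 16). This Go sketch uses only the standard library; the `outer` struct, the `Inspect` helper and both sample bodies are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/asn1"
	"fmt"
)

// Header is the first identifier/length pair of a body, read as DER.
type Header struct {
	Class, Tag, Length int
	Compound           bool
}

// outer is a hypothetical stand-in for the top of an RFC 6960 OCSPResponse.
type outer struct {
	Status asn1.Enumerated
	Bytes  asn1.RawValue `asn1:"explicit,tag:0,optional"`
}

// Constructed samples: an HTML error page, and a DER OCSPResponse whose
// status is "unauthorized" (6) with no responseBytes.
var (
	SampleHTML = []byte("<html><head><title>Error</title></head><body>Bad request</body></html>")
	SampleDER  = []byte{0x30, 0x03, 0x0a, 0x01, 0x06}
)

// Inspect decodes the leading octets the way a DER parser sees them (single-byte
// tag only), flags markup, and returns the error encoding/asn1 gives for the body.
func Inspect(body []byte) (h Header, html bool, err error) {
	if len(body) < 2 {
		return h, false, fmt.Errorf("body too short (%d bytes)", len(body))
	}
	h = Header{Class: int(body[0] >> 6), Tag: int(body[0] & 0x1f),
		Length: int(body[1]), Compound: body[0]&0x20 != 0}
	if body[1]&0x80 != 0 {
		h.Length = -1 // long-form length, not decoded here
	}
	t := bytes.ToLower(bytes.TrimSpace(body))
	html = bytes.HasPrefix(t, []byte("<html")) || bytes.HasPrefix(t, []byte("<!doctype"))
	_, err = asn1.Unmarshal(body, &outer{})
	return h, html, err
}

func main() {
	for _, b := range [][]byte{SampleHTML, SampleDER} {
		h, html, err := Inspect(b)
		fmt.Printf("%+v html=%v err=%v\n", h, html, err)
	}
}
```

Checking the body's first byte (and the `Content-Type` header, where available) before handing it to the OCSP parser turns the opaque ASN.1 error into a clear "responder returned HTML" diagnosis.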