openca / openca-ocspd

The OpenCA's Online Certificate Status Protocol Daemon

ocspd returns internalError on revoked certificate verification #31

Open jx6f opened 6 years ago

jx6f commented 6 years ago

How to reproduce: Just request the status of a revoked certificate from ocspd.

Please use X509_REVOKED_get0_revocationDate instead of X509_REVOKED_get0_serialNumber.

https://github.com/openca/openca-ocspd/blob/efeb90347aa857f6f9dfc39def657807077c152d/src/ocspd/response.c#L442

msoltyspl commented 6 years ago

Can confirm this as well (built against openssl 1.1.0h). Called with -debug, it gives this kind of output:

May 15 12:37:15 2018 GMT [30067] ERROR: [pki_ocsp_resp.c:200] [ERROR] Can not create basic entry!
May 15 12:37:15 2018 GMT [30067] ERROR: [response.c:449] [ERROR] Can not add a simple resp into the OCSP response
May 15 12:37:15 2018 GMT [30067] INFO: [response.c:637] [DEBUG] OCSP Response Bytes = 5, HTTP Header Bytes = 181

mattbodholdt commented 5 years ago

Agreed, the above change works
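
The debug output above reports a 5-byte OCSP response, which is the size of a DER OCSPResponse that carries only a responseStatus (RFC 6960). As an added example (not code from this thread or from openca-ocspd), here is a dependency-free C check that a monitoring probe could run on a responder's reply to flag internalError; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* OCSPResponseStatus values from RFC 6960, section 4.2.1. */
enum { OCSP_SUCCESSFUL = 0, OCSP_MALFORMED_REQUEST = 1, OCSP_INTERNAL_ERROR = 2,
       OCSP_TRY_LATER = 3, OCSP_SIG_REQUIRED = 5, OCSP_UNAUTHORIZED = 6 };

/* Read a DER length at der[*pos]; returns 0 on success, -1 on malformed input. */
static int der_length(const unsigned char *der, size_t len, size_t *pos, size_t *out)
{
    if (*pos >= len) return -1;
    unsigned char b = der[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }          /* short form */
    size_t n = b & 0x7f, v = 0;                    /* long form: n length octets */
    if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
    while (n--) v = (v << 8) | der[(*pos)++];
    *out = v;
    return 0;
}

/* Returns responseStatus from a DER OCSPResponse, or -1 if malformed.
 * *has_body is set to 1 when responseBytes ([0] EXPLICIT) follows the status. */
int ocsp_response_status(const unsigned char *der, size_t len, int *has_body)
{
    size_t pos = 0, seq_len, enum_len;
    if (len < 1 || der[pos++] != 0x30) return -1;             /* SEQUENCE */
    if (der_length(der, len, &pos, &seq_len) || seq_len != len - pos) return -1;
    if (pos >= len || der[pos++] != 0x0a) return -1;          /* ENUMERATED */
    if (der_length(der, len, &pos, &enum_len) || enum_len != 1) return -1;
    if (pos >= len) return -1;
    int status = der[pos++];
    if (status > 6 || status == 4) return -1;                 /* undefined value */
    *has_body = (pos < len && der[pos] == 0xa0);
    /* RFC 6960 leaves responseBytes unset for error statuses; this check also
     * treats a successful status without a body as malformed (its own policy). */
    if ((status == OCSP_SUCCESSFUL) != (*has_body != 0)) return -1;
    if (!*has_body && pos != len) return -1;                  /* trailing bytes */
    return status;
}

int main(void)
{
    /* Constructed sample: the 5-byte encoding of an internalError response. */
    static const unsigned char err[] = { 0x30, 0x03, 0x0a, 0x01, 0x02 };
    int body = 0;
    int st = ocsp_response_status(err, sizeof err, &body);
    printf("status=%d body=%d\n", st, body);
    return st == OCSP_INTERNAL_ERROR ? 0 : 1;
}
```

A probe that queries the responder for a certificate known to be revoked and sees status 2 instead of a signed response would have caught this regression.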