Open jx6f opened 6 years ago
Can confirm this as well (built against openssl 1.1.0h). Called with -debug, it gives this kind of output
May 15 12:37:15 2018 GMT [30067] ERROR: [pki_ocsp_resp.c:200] [ERROR] Can not create basic entry!
May 15 12:37:15 2018 GMT [30067] ERROR: [response.c:449] [ERROR] Can not add a simple resp into the OCSP response
May 15 12:37:15 2018 GMT [30067] INFO: [response.c:637] [DEBUG] OCSP Response Bytes = 5, HTTP Header Bytes = 181
Agreed, the above change works
How to reproduce: Just request the status of the revoked certificate to ocspd.
Please use
X509_REVOKED_get0_revocationDate
insted ofX509_REVOKED_get0_serialNumber
.https://github.com/openca/openca-ocspd/blob/efeb90347aa857f6f9dfc39def657807077c152d/src/ocspd/response.c#L442