31 May
2005
31 May
'05
6:09 p.m.
Olle Mulmo writes:
I would say that your responder got confused up by the proxy certs. Possbily also that that it is one of the responders that cannot handle multi-certificate requests (array count > 1).
I think (guess) it is more likely the latter, but don't know. I will try to rig up some kind of test that can see what our demo OCSP responder can do with a couple chained CA's and an EE cert (probably as close as ESnet can get rite now). I think what we should do is request developers of client and OCSP server code support properly parsed multiple cert OCSP requests but recommend against using them. This sounds ridiculous but until we fully understand how the commercial servers work...