[Openswan Users] ocsp & openswan

david david2005.p at gmail.com
Tue Jun 14 17:18:31 CEST 2005

hi all,

I am trying to use the OCSP protocol to check the validity of my certificates.
So I have downloaded the libcurl-devel package providing curl headers,
I have set USE_LIBCURL to true and HAVE_THREAD to true.

And when my CA sign a certificate it adds the following extension on
the certificates:
Authority Information Access :

this is the address where my OCSP server is running.

So when I manually ask for the validity of a certificate to the OCSP
server , it responds correctly.

But, when I try manually to establish A VPN with the certificates the
ocsp server is not asked.

is it normal?
is there an ocsp client in pluto or not ?
does this check can only be done by a web browser ?


More information about the Users mailing list