[Openswan Users] ocsp & openswan

david david2005.p at gmail.com
Fri Jun 17 15:02:35 CEST 2005

> Most people don't even use CRLs ;-)
> If you want a working OCSP solution then switch to strongSwan found at
>   http://www.strongswan.org
> Regards
> Andreas

Hi Andreas,

I see in the strongswan documentation that an OCSP server can be
started like this:

openssl ocsp -index index.txt -CA strongswanCert.pem -port 8880 \
             -rkey ocspKey.pem -rsigner ocspCert.pem \
             -resp_no_certs -nmin 60 -text

So this server is listening to the port 8880.

but in the fetch.c file of openswan or strongswan I find that the
request from the client are sent "via http post using libcurl " (in
the "fetch_ocsp_status" function).

So the requests are send via http to the ocsp server on port 80 ...

does the server listen to the port  80 too ?
what did I miss?


More information about the Users mailing list