grimm-co / gocsp-responder
OCSP responder written in Go meant to be used with easy-rsa
License: MIT License
Hi,
I'm facing an issue again. I tested the setup with Firefox to see if the responder works properly with browser requests as well. Unfortunately it does not. Requests coming from Firefox result in:
http: panic serving 1.2.3.4:1234: runtime error: invalid memory address or nil pointer dereference
Here is a trace from the log file:
2017/03/03 14:03:02 Got POST request from 1.2.3.4:1234
2017/03/03 14:03:02 Looking for serial ...
2017/03/03 14:03:02 Found entry &{...}
2017/03/03 14:03:02 This certificate is valid
2017/03/03 14:03:02 http: panic serving 1.2.3.4:1234: runtime error: invalid memory address or nil pointer dereference
goroutine XX [running]:
net/http.(*conn).serve.func1(...)
/path/to/go/src/net/http/server.go:1721 ...
panic(...)
/path/to/go/src/runtime/panic.go:489 ...
gocsp-responder/responder.(*OCSPResponder).verify(...)
/path/to/gocsp-responder/responder/responder.go:307 ...
gocsp-responder/responder.(*OCSPResponder).makeHandler.func1(...)
/path/to/gocsp-responder/responder/responder.go:100 ...
net/http.HandlerFunc.ServeHTTP(...)
/path/to/go/src/net/http/server.go:1942 ...
net/http.(*ServeMux).ServeHTTP(...)
/path/to/go/src/net/http/server.go:2238 ...
net/http.serverHandler.ServeHTTP(...)
/path/to/go/src/net/http/server.go:2568 ...
net/http.(*conn).serve(...)
/path/to/go/src/net/http/server.go:1825 ...
created by net/http.(*Server).Serve
/path/to/go/src/net/http/server.go:2668 ...
The same happens with GET requests coming from Microsoft CryptoAPI.
Please let me know if you need any further information.
Thanks!
Hi,
First of all I would like to thank you for this great project - exactly what I have been looking for. However, I am facing the issue that I am unable to check the status of any certificate using openssl ocsp command because GOCSP is always complaining with "Issuer name does not match". Checking the same certificate with the OpenSSL OCSP Server using the same index file, CA file, rcert and rkey is working fine. What am I doing wrong?
Thank you!
Hi,
I was just testing with a certificate with a 16 bytes serial number using openssl ocsp command. In the responder log I can see: Looking for serial 0xa737f5dbf1d133b3
In fact the serial is twice the size. The first 8 bytes seem to be cut off. Therefore the verification fails. Is this an issue with the responder or openssl? It works just fine if I remove the first 8 bytes in the index file.
Thanks!
EDIT: Corrected "bits" to "bytes"
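The symptom in the post above (a 16-byte serial logged as only its last 8 bytes) is what narrowing the serial to a 64-bit integer would produce. The following Go sketch is an added example, not gocsp-responder's code: it assumes that cause, which the page does not confirm, and uses a constructed index.txt line and hypothetical helpers lookup and low64 to show why serials should be compared at full width with math/big.

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
)

// Constructed index.txt entry in the OpenSSL CA database layout (tab separated:
// status, expiry, revocation date, serial in hex, file name, subject).
// The low 8 bytes are the value from the log above; the high 8 bytes are made up.
const sampleIndex = "V\t270303140302Z\t\t0123456789ABCDEFA737F5DBF1D133B3\tunknown\t/CN=example\n"

// lookup (hypothetical helper) returns the status flag of the entry whose serial
// equals hexSerial, comparing arbitrary-width integers rather than uint64.
func lookup(index, hexSerial string) (string, bool) {
	want, ok := new(big.Int).SetString(hexSerial, 16)
	if !ok {
		return "", false
	}
	for _, line := range strings.Split(index, "\n") {
		f := strings.Split(line, "\t")
		if len(f) < 6 {
			continue // blank or malformed line
		}
		if got, ok := new(big.Int).SetString(f[3], 16); ok && got.Cmp(want) == 0 {
			return f[0], true
		}
	}
	return "", false
}

// low64 (hypothetical helper) keeps only the low 64 bits of a serial, modelling
// the assumed lossy conversion. It returns "" for input that is not hex.
func low64(hexSerial string) string {
	n, ok := new(big.Int).SetString(hexSerial, 16)
	if !ok {
		return ""
	}
	mask := new(big.Int).SetUint64(^uint64(0))
	return n.And(n, mask).Text(16)
}

func main() {
	full := "0123456789abcdefa737f5dbf1d133b3" // serial as sent by the client (constructed)
	fmt.Println(lookup(sampleIndex, full))        // full-width comparison finds the entry
	fmt.Println(low64(full))                      // what a 64-bit narrowing leaves
	fmt.Println(lookup(sampleIndex, low64(full))) // truncated serial no longer matches
}
```

RFC 5280 allows serial numbers of up to 20 octets, so any lookup path that passes through a fixed 64-bit type can miss or confuse certificates.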
Hi,
I'm just wondering if it was possible to serve OCSP responses for multiple intermediate CAs. How to configure this when there are multiple DBs and CA certs?
Thanks!
Would it be possible to reference a signed CRL rather than a txt file?
Also, it would be great to be able to provide an encrypted signing key and provide the passphrase in an environment variable or something.
Great project btw,
thanks!