The OpenCA OCSP Responder is an RFC 2560 compliant OCSPD responder. It can be used to verify the status of a certificate using OCSP clients (such as Mozilla/Netscape7). The Responder is actually included in the main OpenCA distribution package. It is also possible to install the daemon as a stand-alone application, in which case you will need a CRL (or access to an LDAP server where the CRL can be obtained).
Operating Systems: Unix, Mac OS X, POSIX, BSD, Linux, Solaris
Release Notes: Changes mostly involve updating support for LibPKI 0.8.5, which fixes HTTP performance issues.
Release Notes: This version includes updated support for LibPKI 0.8.0, several memory leak fixes, a fix for a configuration parsing error that was preventing the reloading of expired CRLs, optimized network packet handling when sending responses, a fix for using specific hash algorithms in the responder's signatures (SHA-1 is needed to support old Cisco devices), improved support for the GET HTTP method and startup error logging, and support for a new '-testmode' switch that sets the OCSP responder as a test responder where all signatures are invalidated by flipping the first bit in the signature.
Release Notes: This version updates default configuration files (default passin is set to none), adds enhanced support for ECDSA, and updates thread management with built-in support from LibPKI 0.6.3. Fixes cover the start/stop script, a memory error in config.c that caused a segfault on CRL reload, and an extra two bytes that were sent out after the DER encoding of the response was written, which caused Firefox/Thunderbird not to validate the answer. An error in the return code check for PKI_NET_listen was also fixed, along with an error in config parsing when no bind address was provided.
Release Notes: Extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, and IPv6 support.
Release Notes: Thread support was added. HTTP header parsing was improved.