Doubt regarding OCSP validation in HS2.0 R2 online signup using hs20-osu-client

Sreenath S sreenath.mailing.lists
Wed Nov 5 23:03:38 PST 2014

Hello Jouni,

Online signup is failing with below error when I enable OCSP in
/system/bin/hs20-osu-client.workarounds. The error is from

HTTP error: No OCSP response received

It was found that ocsp_resp_cb() is called even before the download of
certificate ie, before download_cert(). The request is sent using
function - curl_easy_perform() which in turn parses devinfo.xml and
devdetail.xml to get information. But URI tag is NULL in devdetail.xml
from the logs I presume that OSCP URI is taking from devdetail.

Then what is significance of "Authority Information Access" field in
server.der. I was assuming that this URI will be used by OSU client to
validate the certificate. In order to do that OCSP request should be
sent only after downloading server certificate. Please correct if my
understanding is wrong.

Authority Information Access:
    OCSP - URI:

I am running OCSP server using from "hs20/server/ca"
folder. OCSP validation is passing if I test using and


More information about the Hostap mailing list