Doubt regarding OCSP validation in HS2.0 R2 online signup using hs20-osu-client
Wed Nov 5 23:03:38 PST 2014
Online signup is failing with the below error when I enable OCSP in
/system/bin/hs20-osu-client.workarounds. The error is from
HTTP error: No OCSP response received
It was found that ocsp_resp_cb() is called even before the download of
the certificate, i.e., before download_cert(). The request is sent using
the function curl_easy_perform(), which in turn parses devinfo.xml and
devdetail.xml to get information. But the URI tag is NULL in devdetail.xml.
From the logs I presume that the OCSP URI is taken from devdetail.
Then what is the significance of the "Authority Information Access" field in
server.der? I was assuming that this URI will be used by the OSU client to
validate the certificate. In order to do that, the OCSP request should be
sent only after downloading the server certificate. Please correct me if my
understanding is wrong.
Authority Information Access:
    OCSP - URI:http://example.com:8888/
I am running the OCSP server using ocsp-responder.sh from the "hs20/server/ca"
folder. OCSP validation is passing if I test using ocsp-req.sh and