Plan for OCSP verifier to LDAP?

Plan for OCSP verifier to LDAP?

coco coco
Is there any plan to support OCSP verification over LDAP (or LDAP/s)?

OT: BTW, could anyone recommend an LDAP client library (C or C++) that works
on Windows? Preferably open source.

thanks

coco


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Plan for OCSP verifier to LDAP?

Rich Salz
> Is there any plan to support OCSP verification over LDAP (or LDAP/s)?

This question makes no sense.  OCSP and LDAP are two different protocols.
It's like saying "SMTP over HTTP"
        /r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html


Re: Plan for OCSP verifier to LDAP?

coco coco
>
> > Is there any plan to support OCSP verification over LDAP (or LDAP/s)?
>
>This question makes no sense.  OCSP and LDAP are two different protocols.
>It's like saying "SMTP over HTTP"
> /r$

Huh? In what way doesn't it make sense? Sorry if the question might be
confusing, but I'm looking at the current OCSP verifier in OpenSSL, it can
only use the HTTP protocol to send the request. Unless I'm missing something
new in any new version of openssl, I can only use http with the current
version that I have, which is 0.9.7e.

I have a (potential) customer which has a CA configured with an OCSP
responder that talks only LDAP. The IT guy wouldn't want to set up an http
responder (don't ask reason, I can't figure that out either).

That's why I was asking if there is any plan to put in support to send
OCSP request over LDAP. And was asking if someone could recommend
an LDAP library that works on Windows, and maybe we can hack it
a little to make it work with openssl. I don't feel like porting the code
from openldap to Windows :(

I'm surprised that there's still not a re-usable LDAP client library out
there, after all these years. Maybe time to roll up sleeves :)

rgds

coco


Re: Plan for OCSP verifier to LDAP?

Rich Salz
> I have a (potential) customer which has a CA configured with an OCSP
> responder that talks only LDAP. The IT guy wouldn't want to set up an http
> responder (don't ask reason, I can't figure that out either).

He probably means that the OCSP responder only gets certificates and CRL's
by doing LDAP queries.

> That's why I was asking if there is any plan to put in support to send
> OCSP request over LDAP.

There is no such thing.  LDAP protocol has bind, search, etc., packets.
OCSP uses HTTP POST to make a query.

Can you show me where "OCSP over LDAP" is documented?
        /r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

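Added example, not part of this thread and not OpenSSL code: the last reply says an OCSP query travels as an HTTP POST, and this Python code builds an unsigned single-certificate OCSPRequest in DER and frames it with the `application/ocsp-request` media type from RFC 2560 Appendix A. The issuer bytes, serial number, host name and path are constructed placeholders.

```python
import hashlib

# AlgorithmIdentifier for SHA-1: SEQUENCE { OID 1.3.14.3.2.26, NULL }
SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")

def tlv(tag, content):
    """DER tag-length-value with short or long definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(n):
    """Non-negative INTEGER; a leading 0x00 keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ocsp_request_der(issuer_name_der, issuer_key_bits, serial):
    """Unsigned OCSPRequest for one certificate (RFC 2560 section 4.1.1)."""
    cert_id = tlv(0x30, SHA1_ALG
                  + tlv(0x04, hashlib.sha1(issuer_name_der).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key_bits).digest())
                  + der_int(serial))
    request = tlv(0x30, cert_id)        # Request ::= SEQUENCE { reqCert }
    request_list = tlv(0x30, request)   # SEQUENCE OF Request
    tbs = tlv(0x30, request_list)       # TBSRequest, default version omitted
    return tlv(0x30, tbs)               # OCSPRequest ::= SEQUENCE { tbsRequest }

def http_post(host, path, der):
    """HTTP framing around the DER body (RFC 2560 Appendix A)."""
    head = (f"POST {path} HTTP/1.0\r\n"
            f"Host: {host}\r\n"
            "Content-Type: application/ocsp-request\r\n"
            f"Content-Length: {len(der)}\r\n\r\n")
    return head.encode("ascii") + der

if __name__ == "__main__":
    # Constructed inputs: real code hashes the issuer's DER Name and key bits.
    der = ocsp_request_der(b"constructed issuer name",
                           b"constructed issuer key", 0x1234)
    print(http_post("ocsp.example.test", "/ocsp", der))
```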