> > Is there any plan to support OCSP verification over LDAP (or LDAP/s)?
> This question makes no sense. OCSP and LDAP are two different protocols.
> It's like saying "SMTP over HTTP"
Huh? In what way doesn't it make sense? Sorry if the question might be
but I'm looking at the current OCSP verifier in OpenSSL, it can only use the
protocol to send the request. Unless I'm missing something new in any new
version of openssl, I can only use http with the current version that I
which is 0.9.7e.
I have a (potential) customer which has a CA configured with an OCSP responder that
talks only LDAP. The IT guy wouldn't want to set up an http responder
(don't ask reason, I can't figure that out either).
That's why I was asking if there is any plan to put in support to send
OCSP request over LDAP. And was asking if someone could recommend
an LDAP library that works on Windows, and maybe we can hack it
a little to make it work with openssl. I don't feel like porting the code
from openldap to Windows :(
I'm surprised that there's still not a re-usable LDAP client library out
after all these years. Maybe time to roll up sleeves :)
> I have a (potential) customer which has a CA configured with an OCSP
> responder that
> talks only LDAP. The IT guy wouldn't want to set up an http responder
> (don't ask reason, I can't figure that out either).
He probably means that the OCSP responder only gets certificates and CRLs
by doing LDAP queries.
> That's why I was asking if there is any plan to put in support to send
> OCSP request over LDAP.
There is no such thing. LDAP protocol has bind, search, etc., packets.
OCSP uses HTTP POST to make a query.
Can you show me where "OCSP over LDAP" is documented?
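
Added example, not part of the original thread and not OpenSSL code: what an OCSP query over HTTP POST looks like on the wire, following RFC 2560 Appendix A.1 (a DER-encoded OCSPRequest sent with Content-Type application/ocsp-request). The host name, sample issuer bytes and serial number are constructed placeholders, and the function names are hypothetical.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value, using short or long form length as needed."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(value: int) -> bytes:
    """Non-negative INTEGER; the byte count leaves the sign bit clear."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26) with NULL parameters.
SHA1_ALGID = tlv(0x30, bytes.fromhex("06052b0e03021a") + b"\x05\x00")

def ocsp_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Unsigned OCSPRequest for one certificate, no extensions (RFC 2560 4.1.1)."""
    cert_id = tlv(0x30, SHA1_ALGID
                  + tlv(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())       # issuerKeyHash
                  + der_int(serial))                                   # serialNumber
    request_list = tlv(0x30, tlv(0x30, cert_id))   # SEQUENCE OF Request
    tbs_request = tlv(0x30, request_list)          # version defaults to v1
    return tlv(0x30, tbs_request)

def http_post(host: str, path: str, der: bytes) -> bytes:
    """Frame the DER request as the HTTP POST a responder expects."""
    head = (f"POST {path} HTTP/1.0\r\n"
            f"Host: {host}\r\n"
            "Content-Type: application/ocsp-request\r\n"
            f"Content-Length: {len(der)}\r\n\r\n")
    return head.encode("ascii") + der

# Constructed sample inputs, not taken from any real CA.
SAMPLE_ISSUER_NAME = b"constructed issuer Name DER"
SAMPLE_ISSUER_KEY = b"constructed issuer public key bits"

if __name__ == "__main__":
    der = ocsp_request(SAMPLE_ISSUER_NAME, SAMPLE_ISSUER_KEY, 0x1234)
    print(http_post("ocsp.example.test", "/", der)[:-len(der)].decode())
    print(der.hex())
```

The transport is only the framing in `http_post`; the OCSPRequest bytes themselves carry no HTTP or LDAP structure.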