Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8620

Default OCSP responder always sends "Unknown" for non-existing CA, regardless of settings

    Details

    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Team Bob - 2019 w40, EJBCA Team Bob - 2019 w42

      Description

      When an OCSP request with an unknown CA is sent to EJBCA, we use the "default responder", which can be a CA or an OCSP key binding.

      In OCSP key bindings, you can specify if non-existing certificates should receive special handling, instead of returning unknown. You can configure Good, Revoked or Unauthorized to be returned.

      This setting is ignored when an unknown CA is sent.

      Implement handling of this option for the default responder (except non-existing is good, which does not make sense in this case).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              samuel Samuel Lidén Borell
              Reporter:
              samuel Samuel Lidén Borell
              Verified by:
              Amin Khorsandi
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 hour
                  1h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h