Open Bug 811326 Opened 12 years ago Updated 6 months ago

Extend httpserv to implement OCSP server functionality

Categories

(NSS :: Tools, enhancement, P5)

3.14
enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Blocks 1 open bug)

Details

We should extend httpserv to act as an OCSP server.

I propose that URLs that start with /ocsp shall be handled by new OCSP server logic.

I propose to add a new command line option to httpserv:
  --ocspsigner nickname

and we should allow that option to be specified multiple times, allowing a single process to provide responses for multiple CAs.

I want to start with the basic scenario, where CA == OCSP signer.
(We can figure out a way to support separate dedicated OCSP signer certs at a later time.)

The code shall require that the NSS database contains the private keys for all specified OCSP signers.
Blocks: 811327
Severity: normal → S3
Severity: S3 → N/A
Type: defect → enhancement
Priority: -- → P5