nghttp2/script
Tatsuhiro Tsujikawa a4156cded3 fetch-ocsp-response: Handle spurious openssl exist status 0
With OpenSSL <= 1.0.1, openssl ocsp command still returns exit code 0,
even if verification was failed.  If that happens certain string is
emitted in stderr, so check that string and if exists, treat it as
error.  This issue was fixed in OpenSSL 1.0.2.

At least OpenSSL 1.0.2, openssl ocsp command still returns exit code
0, even if responder returned non-successful status code (e.g.,
trylater(3)).  We are not sure this is intentional or not.  To handle
this, we again check certain error string in stdout, and if it is
found, treat it as error.
2015-08-21 23:28:45 +09:00
..
Makefile.am Include script/README.rst in dist 2015-06-06 23:32:32 +09:00
README.rst
fetch-ocsp-response fetch-ocsp-response: Handle spurious openssl exist status 0 2015-08-21 23:28:45 +09:00

README.rst

fetch-ocsp-response is a Python script which performs OCSP query and
get response.  It uses openssl command under the hood.  nghttpx uses
it to enable OCSP stapling feature.

fetch-ocsp-response is a translation from original fetch-ocsp-response
written in Perl and which has been developed as part of h2o project
(https://github.com/h2o/h2o).

fetch-ocsp-response is usually installed under $(pkgdatadir), which is
$(prefix)/share/nghttp2.