OCSP malformedrequest with 1.9.7 and openssl 1.0.2e
Maxim Dounin
mdounin at mdounin.ru
Sat Dec 5 03:32:48 UTC 2015
Hello!
On Fri, Dec 04, 2015 at 05:40:02PM -0500, agruener wrote:
> OCSP is not working on my raspberrypi2 with nginx 1.9.7 and OpenSSL 1.0.2e.
> I have compiled both together.
>
> tail /var/log/nginx/error.log
>
> 2015/12/04 22:28:21 [error] 14841#0: OCSP response not successful (1:
> malformedrequest) while requesting certificate status, responder:
> ocsp.startssl.com
> 2015/12/04 22:28:29 [error] 14841#0: OCSP response not successful (1:
> malformedrequest) while requesting certificate status, responder:
> ocsp.startssl.com
> 2015/12/04 22:28:30 [error] 14842#0: OCSP response not successful (1:
> malformedrequest) while requesting certificate status, responder:
> ocsp.startssl.com
The message means that an OCSP request was successfully sent, but
the OCSP responder returned an error. This may be either due to the OCSP
response being indeed incorrect for some reason, or due to a
problem on the OCSP responder side.
You may try the following:
- check if OCSP requests from other clients (e.g., browsers) work;
note that openssl's OCSP client will likely fail out of the box;
- check if the same error occurs on x86 hosts for the same
certificate or not;
- try tcpdump'ing traffic between nginx and the OCSP
responder to see what happens on the wire.
--
Maxim Dounin
http://nginx.org/
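
Added example, not part of the original message and not nginx code: when reading a capture like the one suggested above, this decodes the `responseStatus` field of the OCSP response (RFC 6960) from the reassembled HTTP reply, which is where the `1: malformedrequest` in the nginx log comes from. It assumes an unchunked HTTP body; the function names and the sample bytes are constructed for illustration.

```python
# Added example: decode the responseStatus of an OCSP response (RFC 6960).
# The sample bytes at the bottom are constructed, not captured traffic.

# OCSPResponseStatus values from RFC 6960, section 4.2.1 (4 is not used).
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def ocsp_status(der):
    """Return (code, name) of the responseStatus in a DER OCSPResponse."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE, so not an OCSPResponse")
    tag, vstart, vend = read_tlv(der[:end], start)
    if tag != 0x0A or vend - vstart != 1:
        raise ValueError("responseStatus ENUMERATED missing")
    code = der[vstart]
    return code, STATUS.get(code, "unknown")


def status_from_http(raw):
    """Split a reassembled HTTP response and decode its OCSP body."""
    _head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of HTTP headers found")
    return ocsp_status(body)


# Constructed sample: an error response is just SEQUENCE { ENUMERATED 1 }.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\n"
          b"Content-Length: 5\r\n\r\n" + bytes.fromhex("30030a0101"))
```

An error response carries no `responseBytes`, so a five-byte body such as `30 03 0a 01 01` in the capture confirms that the responder itself rejected the request.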