
What is the use of the responderID in the OCSP response?

I am not clear on the use of the responder ID in the definition of the OCSP response.

I am doing OCSP checks via Java's PKIX APIs.

Using a third-party library I get (during the OCSP response processing):

java.security.cert.CertPathValidatorException: Could not determine revocation status: ResponderID in response did not match responder certificate.

If I switch to the default provider (e.g. SUN), I get no such exception and the revocation check works fine.

Looking into this more, it seems that this exception is related to whether the identifier of the responder will use the key hash of the public key of the signing certificate or the subject of the signing certificate.

I do not know what the difference is, though, or why SUN's implementation does not have a problem with the OCSP response.

I do not want to jump to conclusions and drop the other library before I understand what is going on here.

Could someone please help me understand what could be the problem here?

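The ResponderID allows the client to find the certificate among the certificates supplied by the server or, when none are supplied, among the certificates stored locally on the client.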
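The lookup described in the answer above, written out in Java as an added example (not part of the original question or answer, and not code from any OCSP library). It follows the RFC 6960 definition of ResponderID: byName is compared with each candidate's subject, byKey with the SHA-1 of the contents of the subjectPublicKey BIT STRING, which is not the same value as a hash of the whole encoded key. The class `ResponderIdMatcher` and its methods are hypothetical names, and the ResponderID fields are assumed to have been extracted from the response already.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;

public final class ResponderIdMatcher {
    // ResponderID is a CHOICE: pass the field the response carried and null for the other.
    static X509Certificate find(X500Principal byName, byte[] byKey, List<X509Certificate> certs) throws Exception {
        for (X509Certificate c : certs) {
            boolean hit = byName != null ? c.getSubjectX500Principal().equals(byName)
                                         : MessageDigest.isEqual(keyHash(c.getPublicKey()), byKey);
            if (hit) return c;
        }
        return null; // no candidate matches: the signer cannot be identified
    }

    // KeyHash: SHA-1 over the BIT STRING value only (no tag, length or unused-bits octet).
    static byte[] keyHash(PublicKey key) throws Exception {
        byte[] spki = key.getEncoded();            // DER SubjectPublicKeyInfo
        int[] pos = {0};
        header(spki, pos, 0x30);                   // outer SEQUENCE
        int algLen = header(spki, pos, 0x30);      // AlgorithmIdentifier SEQUENCE
        pos[0] += algLen;                          // skip its contents
        int len = header(spki, pos, 0x03);         // subjectPublicKey BIT STRING
        byte[] bits = Arrays.copyOfRange(spki, pos[0] + 1, pos[0] + len);
        return MessageDigest.getInstance("SHA-1").digest(bits);
    }

    // Reads a DER tag and length at pos[0], advances to the content, returns its length.
    private static int header(byte[] der, int[] pos, int tag) {
        if ((der[pos[0]++] & 0xFF) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int len = der[pos[0]++] & 0xFF;
        if (len < 0x80) return len;                // short form
        int n = len & 0x7F;                        // long form: n length octets follow
        len = 0;
        while (n-- > 0) len = (len << 8) | (der[pos[0]++] & 0xFF);
        return len;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh key stands in for the responder certificate's key.
        PublicKey pub = KeyPairGenerator.getInstance("EC").generateKeyPair().getPublic();
        byte[] whole = MessageDigest.getInstance("SHA-1").digest(pub.getEncoded());
        System.out.println("same as SHA-1 of whole SPKI: " + Arrays.equals(keyHash(pub), whole));
    }
}
```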
