Thread: OCSP Request message

  1. #1
    Join Date
    Jun 2008
    Posts
    7

    OCSP Request message

    Hi,
    I am trying to send an OCSP request via the HTTP GET method. I am getting the response as malformed packet. Can anybody please help me to get some correct Ethereal GET message log for a sample OCSP request?

  2. #2
    Join Date
    Jan 2006
    Posts
    2,257
    You just need to create an HTTP connection to the OCSP server, send a request and process the response.

    There aren't currently any helper classes in BC for creating the HTTP messages. It should just be a matter of Base64 encoding the results of calling getEncoded() on the various OCSP and sending it off; you'll need to use the MIME library as well.

    Regards

  3. #3
    Join Date
    Jun 2008
    Posts
    7
    I have already created the OCSP request message. The request reaches the server. The request is of the form {url}/{request}, but the server sends the 200 OK response and it states Malformed request. I have the packet captured using Ethereal. Now I want to get the Ethereal packet log for a successful GET request for OCSP. I am not able to infer why the packet is malformed.

  4. #4
    Join Date
    Jan 2006
    Posts
    3,792
    Malformed packet means that the dissector can't work out the contents of the packet any further. This can have various reasons:
    • The chosen dissector is wrong for this packet
    • The packet is longer than a single frame and not reassembled
    • There is a bug in the dissector
    • (dare I say it?) The packet is wrong


    Any of these is possible. You'll have to look into the specific situation to determine what it is. You could disable the dissector by disabling the protocol on the Analyzer menu and check how Ethereal displays the packet then. You could (if it's TCP) enable reassembly for TCP and the specific dissector (if possible) in the Edit|Preferences menu. You could check the packet contents yourself by reading the packet bytes and comparing them to the protocol specification. This could reveal a dissector bug. Or you could find out that the packet is indeed wrong.

    Have fun

  5. #5
    Join Date
    Jan 2006
    Posts
    2,257
    They are reported as malformed because they run on top of port 5000.

    The only protocol Ethereal knows about that uses port 5000 is CPFI, which is a protocol to transport Fibre Channel frames on top of UDP port 5000.

    So Ethereal tries to dissect it as CPFI, which it is not, and thus fails with malformed packet.

  6. #6
    Join Date
    Jun 2008
    Posts
    7
    I would like to know the exact format of the HTTP GET message and the response we can get from the OCSP responder. My GET message as captured by ethereal looks like the below

    GET http://{url}/{base64 encoded der encoded OCSP request}

    Can you please tell me how to check whether the request is correctly formed or not?

  7. #7
    Join Date
    Jun 2008
    Posts
    7

    Sample OCSP GET request

    I want to know about a sample OCSP request example via the HTTP GET method. What does a request look like and what are the required headers to be included?

  8. #8
    Join Date
    Jan 2006
    Posts
    3,792
    Perhaps this code is useful for you:

    /**
     ... CONSTRUCT REQUEST STRUCTURE [1] ...
    */

    // Encoding the request:
    byte[] array = ocspRequest.getEncoded();

    // Sending the request:
    // serviceAddr is the HTTP location (URL) of the OCSP service
    if (serviceAddr != null) {
        hostAddr = serviceAddr;
        try {
            if (serviceAddr.startsWith("https")) {
                HttpsURLConnection con = null;
                URL url = new URL((String) serviceAddr);
                con = (HttpsURLConnection) url.openConnection();
                con.setRequestProperty("Content-Type", "application/ocsp-request");
                con.setRequestProperty("Accept", "application/ocsp-response");
                // setDoOutput(true) makes this a POST with the DER request as the body
                con.setDoOutput(true);
                OutputStream out = con.getOutputStream();
                DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
                dataOut.write(array);
                dataOut.flush();
                dataOut.close();

                // Looking for errors in the response:
                if (con.getResponseCode() / 100 != 2) {
                    throw new Exception("OCSP responder returned HTTP " + con.getResponseCode());
                }

                InputStream in = (InputStream) con.getContent();
                ocspResponse = new OCSPResp(in);

                /**
                 ... DECODING THE RESPONSE [2] ...
                */

            }
            else {
                // ...
            }
        }
        catch (Exception e) {
            // ...
        }
    }

    [1] To construct the OCSP request you can use the class "OCSPClientExample" of chapter 7 of the book (or a similar request generator).
    [2] When decoding the OCSP response you must verify the signature of the response, you can get the status, you must manage the single response/s (class SingleResp of the BouncyCastle OCSP package), etc.

    Regards.

  9. #9
    Join Date
    Jun 2008
    Posts
    7
    Thanks for the code. But the problem here is I am using the open source libraries for constructing the message and I am writing the interface to send the HTTP request. So I will have to restrict myself to using the APIs available to me. Now I have a certificate chain and I have extracted the AIA extension from it. I have also constructed the OCSP request. It's as follows:
    GET http:{aia}/MEowSDBGMEQwQjAHBgUrDgMCGgQUe0Y3WX9XB1C9zPoP%2BJRjGFhFykEFDsSfpaXh6YJ%2Fw%3D%3D
    Can you tell me what is wrong with the above request?
    As the responder is replying with malformed packet.
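
Added example, not part of any post in this thread: RFC 2560 defines the GET form as the URL-encoding of the base64 encoding of the DER-encoded OCSPRequest, so a request can be checked offline by undoing those steps and walking the DER lengths down to the first CertID. The Python below does this for the final path segments shown in posts #9 and #11; the function names are illustrative.

```python
import base64
from urllib.parse import unquote

# Final path segment from post #11, written as one unbroken string.
POST11_SEGMENT = ("MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdKNEwjytjKBQADcgM61jfflNpyQQU"
                  "v1NDgnjQnsOA5RtnygUA37lIg6UCAQI%3D")
# Final path segment from post #9, exactly as printed on this page.
POST9_SEGMENT = ("MEowSDBGMEQwQjAHBgUrDgMCGgQUe0Y3WX9XB1C9zPoP%2BJRjGFhFykEF"
                 "DsSfpaXh6YJ%2Fw%3D%3D")

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos, bounded by end."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError(f"tag 0x{tag:02x} declares {length} bytes, only {end - pos} present")
    return tag, pos, pos + length

def parse_ocsp_get_segment(segment):
    """Undo URL-encoding and base64, then walk the DER down to the first CertID."""
    der = base64.b64decode(unquote(segment), validate=True)  # bad base64 raises a ValueError subclass
    pos, end = 0, len(der)
    for name in ("OCSPRequest", "tbsRequest", "requestList", "Request", "CertID"):
        tag, start, stop = read_tlv(der, pos, end)
        while name == "requestList" and tag in (0xA0, 0xA1):  # optional version / requestorName
            tag, start, stop = read_tlv(der, stop, end)
        if tag != 0x30:
            raise ValueError(f"{name}: expected SEQUENCE, got tag 0x{tag:02x}")
        if name == "OCSPRequest" and stop != len(der):
            raise ValueError("trailing bytes after OCSPRequest")
        pos, end = start, stop
    fields = []
    for expected in (0x30, 0x04, 0x04, 0x02):  # hashAlgorithm, name hash, key hash, serial
        tag, start, stop = read_tlv(der, pos, end)
        if tag != expected:
            raise ValueError(f"CertID: expected tag 0x{expected:02x}, got 0x{tag:02x}")
        fields.append(der[start:stop])
        pos = stop
    return {"issuerNameHash": fields[1].hex(), "issuerKeyHash": fields[2].hex(),
            "serialNumber": int.from_bytes(fields[3], "big", signed=True)}

if __name__ == "__main__":
    print(parse_ocsp_get_segment(POST11_SEGMENT))
```

The segment from post #11 parses to a single SHA-1 CertID with serial number 2, while the segment from post #9, as it is printed here, raises `ValueError` before any DER is read because it is not complete base64.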

  10. #10
    Join Date
    Jun 2008
    Posts
    7

    question

    Quote Originally Posted by BIG FISH
    Perhaps this code is useful for you:

    /**
     ... CONSTRUCT REQUEST STRUCTURE [1] ...
    */

    // Encoding the request:
    byte[] array = ocspRequest.getEncoded();

    // Sending the request:
    // serviceAddr is the HTTP location (URL) of the OCSP service
    if (serviceAddr != null) {
        hostAddr = serviceAddr;
        try {
            if (serviceAddr.startsWith("https")) {
                HttpsURLConnection con = null;
                URL url = new URL((String) serviceAddr);
                con = (HttpsURLConnection) url.openConnection();
                con.setRequestProperty("Content-Type", "application/ocsp-request");
                con.setRequestProperty("Accept", "application/ocsp-response");
                // setDoOutput(true) makes this a POST with the DER request as the body
                con.setDoOutput(true);
                OutputStream out = con.getOutputStream();
                DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
                dataOut.write(array);
                dataOut.flush();
                dataOut.close();

                // Looking for errors in the response:
                if (con.getResponseCode() / 100 != 2) {
                    throw new Exception("OCSP responder returned HTTP " + con.getResponseCode());
                }

                InputStream in = (InputStream) con.getContent();
                ocspResponse = new OCSPResp(in);

                /**
                 ... DECODING THE RESPONSE [2] ...
                */

            }
            else {
                // ...
            }
        }
        catch (Exception e) {
            // ...
        }
    }

    [1] To construct the OCSP request you can use the class "OCSPClientExample" of chapter 7 of the book (or a similar request generator).
    [2] When decoding the OCSP response you must verify the signature of the response, you can get the status, you must manage the single response/s (class SingleResp of the BouncyCastle OCSP package), etc.

    Regards.

    I have written my request below. Can you please help me out on this? I am not able to figure it out and I am new to OCSP too.

  11. #11
    Join Date
    Nov 2011
    Posts
    3

    Re: OCSP Request message

    I am trying to create an OCSP request using Visual C++ for Windows 7 client.
    I need some help on how to construct the OCSP Message.

    Using Wireshark Traces I have the below sample trace of an http GET Request:

    To be specific, I would like to know how to construct this part of the request --> "MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdKNEwjytjKBQADcgM61jfflNpyQQUv1NDgnjQnsOA5RtnygUA37lIg6UCAQI%3D" using existing Microsoft APIs in Visual C++.

  12. #12
    Join Date
    Dec 2007
    Posts
    1,736

    Re: OCSP Request message

    Quote Originally Posted by RA_Client
    I am trying to create an OCSP request using Visual C++ for Windows 7 client.
    I need some help on how to construct the OCSP Message.

    Using Wireshark Traces I have the below sample trace of an http GET Request:

    To be specific, I would like to know how to construct this part of the request --> "MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdKNEwjytjKBQADcgM61jfflNpyQQUv1NDgnjQnsOA5RtnygUA37lIg6UCAQI%3D" using existing Microsoft APIs in Visual C++.

    In C++, you create an instance of this interface by calling the CoCreateInstance function with the CLSID_OCSPAdmin class identifier. In Visual Basic Scripting Edition, you create an instance of the OCSPAdmin object. More information can be found here - http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx

  13. #13
    Join Date
    Nov 2011
    Posts
    3

    Re: OCSP Request message

    Thank you for the reply.
    I just went through the documentation and I see this note: "This interface does not include functionality to create or parse certificate status requests."

    I basically want to create an OCSP certificate status request as stated in RFC2560 - 'Binary of DER Encoded OCSP Req'. I would like to know how to retrieve this additional info from the certificate and construct it in that format.
    Any examples would be helpful.

    Thanks Again.
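
Added example, not part of any post and not Microsoft, BouncyCastle or RSA code: the segment quoted in post #11 is the URL-encoded base64 of a DER OCSPRequest holding one CertID, made of the SHA-1 hash of the issuer's name, the SHA-1 hash of the issuer's public key, and the serial number of the certificate being checked. The Python below builds that structure with hand-written DER; the function names and the input byte strings are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import quote

# AlgorithmIdentifier for SHA-1: OID 1.3.14.3.2.26 followed by NULL parameters.
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")

def tlv(tag, value):
    """DER-encode one element: tag, definite length, value."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def cert_id_hashes(issuer_name_der, issuer_key_bits):
    """SHA-1 over the DER of the issuer Name, and over the contents of the issuer's
    subjectPublicKey BIT STRING (without tag, length and unused-bits byte)."""
    return hashlib.sha1(issuer_name_der).digest(), hashlib.sha1(issuer_key_bits).digest()

def ocsp_get_segment(name_hash, key_hash, serial):
    """Build an unsigned single-certificate OCSPRequest and encode it for a GET URL."""
    serial_der = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # minimal positive INTEGER
    cert_id = tlv(0x30, SHA1_ALG_ID + tlv(0x04, name_hash) + tlv(0x04, key_hash)
                  + tlv(0x02, serial_der))
    request = tlv(0x30, cert_id)            # Request ::= SEQUENCE { reqCert CertID }
    request_list = tlv(0x30, request)       # SEQUENCE OF Request
    tbs_request = tlv(0x30, request_list)   # version v1 is the default and is omitted
    ocsp_request = tlv(0x30, tbs_request)   # no optionalSignature
    b64 = base64.b64encode(ocsp_request).decode("ascii")
    return quote(b64, safe="")              # '+', '/', '=' become %2B, %2F, %3D

# Constructed inputs, not taken from a real certificate.
name_hash, key_hash = cert_id_hashes(b"constructed issuer Name DER",
                                     b"constructed issuer public key bits")
EXAMPLE_SEGMENT = ocsp_get_segment(name_hash, key_hash, serial=2)
```

Called with the two hashes and the serial number contained in the sample from post #11, `ocsp_get_segment` reproduces that sample string.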

  14. #14
    Join Date
    Nov 2011
    Posts
    3

    Re: OCSP Request message

    Hi,
    Searching for ways to send an OCSP request, today I came across these structures holding OCSP request parameters.

    typedef struct _OCSP_REQUEST_INFO,
    typedef struct _OCSP_REQUEST_ENTRY,
    typedef struct _OCSP_CERT_ID.

    But I have no clue if there are any functions (Win Crypto API) using these structures.
    Please let me know if anyone has used these structs.

  15. #15
    Join Date
    Dec 2007
    Posts
    2,291

    Re: OCSP Request message

    I think that in the RSA BSAFE toolkit an OCSP context is created first. This context is used to hold the defaults for any OCSP requests which are created from it.

    To create an OCSP context from a library context:
    Code:
     R_LIB_CTX *lib_ctx;
     R_OCSP_CTX *ocsp_ctx = NULL;
     ...
     ret = R_OCSP_CTX_new(lib_ctx, R_RES_FLAG_DEF, &ocsp_ctx);
     if (ret != R_ERROR_NONE)
     {
         goto done;
     }
