hui_37443 (Nimbostratus)
Feb 15, 2012
OCSP error handling
I've noticed that AUTH::response_data can return far more values than the wiki page claims. My F5 version is BIG-IP 10.2.0 Build 1707.0 Final.
According to the wiki, http://devcentral.f5.com/wiki/iRule..._data.ashx,
OCSP returns one of the following:
"OK"
"Error (Could not connect to server)"
"Error (Unknown client certificate)"
However, so far I have run into a couple more:
Error (OCSP responder)
Error (Could not connect to server)
unauthorized
Error (Initialization error)
The last one is particularly puzzling, as so far I have no clue what's gone wrong.
My questions here:
1. What does the "Initialization error" mean? And how do I fix it?
2. It seems AUTH::status now always returns 1 for whatever unhappy scenario. I remember in the 9.x days I used to see -1 for an error, and 1 for a genuinely revoked cert. Please confirm whether the behaviour has been changed, and since when?
3. Is there a thorough list of response data for OCSP?
- hooleylist (Cirrostratus): If you don't get an answer here, you could open a case with F5 Support to ask. You can ask them to reference BZ210706. If you do, can you reply with the case number and/or the reply you get?
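
An added example, not code from the thread or from F5: one way to write the `AUTH_RESULT` handler so that the wider set of `AUTH::response_data` strings reported in the question cannot change the outcome. It allows the connection only on an explicit success status and logs the raw response data for triage. It assumes the OCSP session id was stored in a variable named `ocsp_sid` (a hypothetical name) and that the handshake was paused with `SSL::handshake hold` in `CLIENTSSL_CLIENTCERT`.

```tcl
# Added example. Assumptions: $ocsp_sid (hypothetical name) holds the id
# returned by AUTH::start, and the SSL handshake is currently on hold.
when AUTH_RESULT {
    # Ignore results that belong to a different auth session on this connection.
    if { ![info exists ocsp_sid] || $ocsp_sid != [AUTH::last_event_session_id] } {
        return
    }

    set status [AUTH::status]
    # Keep the raw response data for the log only. Do not branch on its text:
    # the thread shows more strings than the three the wiki documents.
    set data [AUTH::response_data]

    if { $status == 0 } {
        # Only an explicit success lets the held handshake continue.
        SSL::handshake resume
        return
    }

    # Any other status (failure, error, or an unexpected value) is denied,
    # so an unreachable or misconfigured responder cannot admit a client.
    log local0.warning "OCSP deny client=[IP::client_addr] status=$status data=$data"
    reject
}
```

Because the decision depends only on the status code, a revoked certificate and a responder fault both end in a rejected connection; the logged `data` field is what separates the two during troubleshooting.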