What's new in OpenCA OCSP Responder 3.1.0
Dec 16, 2014
- This release provides many new features and fixes over the previous one. Some of which are: updated support for libpki 0.8.7, fixed HTTP GET message handling, leverage the new PKI_MEM encoding interface, enhanced performances (up to 8,000 signatures per second in software).
New in OpenCA OCSP Responder 2.4.2 (Feb 4, 2014)
- Updated support for libpki 0.8.1 to fix HTTP GET method support
- Updated support for LibPKI 0.8.0
- Fixed getting the source IP address of connections
- Fixed reloading of expired CRLs (was: error in configuration parsing)
- Fixed memory leaks in response building
- Optimized network packet managing when sending responses
- Fixed the usage of the configured Hash algorithm (SHA-1 is needed on CISCO devices)
- Fixed support for GET HTTP method
- Updated API for using OCSPD with libpki 0.7.0+
- Improved logging for startup sequence (better report of errors during token loading)
- Fixed a memory issue related to inappropriate usage of syslog() instead of PKI_log()
- Added '-testmode' switch to set the OCSP as a test responder: all signatures are invalidated by flipping the first bit in the signature
New in OpenCA OCSP Responder 2.1.0 (Feb 14, 2011)
- Updated default configuration files (default passin set to none)
- Enhanced support for ECDSA support
- Updated thread management with builtin support from LibPKI 0.6.3
- Fixed start/stop script
- Added new method for token configuration passin -> none to avoid password promptin at startup
- Fixed a memory error in config.c causing segfault on CRL reload
- Set new requirements for libpki (0.6.3+)
- Deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer)
- Fixed an error in return code check for PKI_NET_listen.
- Due to bug fixing in Libpki, new Requirements for libpki is v0.6.2+
- Fixed error in config parsing when no bind address is provided
New in OpenCA OCSP Responder 2.0.0 (Nov 19, 2010)
- Extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, and IPv6 support.