So I have been doing some OCSP performance benchmarking the last few weeks, and one of the things we noticed while doing this is that OpenSSL does not set the HOST header when sending requests.
This is a problem when interacting with an OCSP responder that is on a shared host (a virtual host): without it, the web server doesn’t know which instance to send the request to. You can work around this by using the “-header” option, for example:
openssl ocsp -noverify -no_nonce -respout ocspglobalsignca.resp -reqout ocspglobalsignca.req -issuer globalsigng2.cer -cert globalsign.com.cer -url "http://ocsp2.globalsign.com/gsextendvalg2" -header "HOST" "ocsp2.globalsign.com"
You need to ensure the HOST header is set consistently with the host contained in the -url switch, but it works.
Ryan
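Because the Host value has to match the host in -url, one way to keep the two from drifting apart is to derive the header from the URL. The shell functions below are an added example, not part of the original post; the function names and the pair/kv style switch are assumptions made here, with kv covering OpenSSL 1.1.0 and later, which take -header as a single name=value argument.

```shell
#!/bin/sh
# Added example: derive the Host header from the -url value so they always match.

# Print the host[:port] part of an http(s) URL; fail if it cannot be determined.
ocsp_host_from_url() {
    _rest=${1#*://}
    [ "$_rest" != "$1" ] || return 1   # no scheme present: refuse to guess
    _auth=${_rest%%/*}                 # drop the path
    _auth=${_auth##*@}                 # drop any userinfo
    [ -n "$_auth" ] || return 1
    printf '%s\n' "$_auth"
}

# Print the -header arguments, one per line.
#   pair: two-argument form, as in the command in the post
#   kv:   single name=value argument (OpenSSL 1.1.0 and later)
ocsp_header_args() {
    _host=$(ocsp_host_from_url "$1") || return 1
    case ${2:-pair} in
        pair) printf '%s\n' -header Host "$_host" ;;
        kv)   printf '%s\n' -header "Host=$_host" ;;
        *)    return 1 ;;
    esac
}

# usage: ocsp_query pair|kv URL [other openssl ocsp options...]
ocsp_query() {
    _style=$1 _url=$2
    shift 2
    _hdr=$(ocsp_header_args "$_url" "$_style") || {
        echo "cannot derive Host header from URL: $_url" >&2
        return 1
    }
    # Split the printed arguments on newlines only, with globbing off.
    _oldifs=$IFS
    IFS='
'
    set -f
    # shellcheck disable=SC2086
    openssl ocsp "$@" -url "$_url" $_hdr
    _rc=$?
    set +f
    IFS=$_oldifs
    return $_rc
}
```

For the request in the post this would be called as `ocsp_query pair "http://ocsp2.globalsign.com/gsextendvalg2" -issuer globalsigng2.cer -cert globalsign.com.cer -no_nonce`.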
Hi,
I can’t find any release of openssl that supports the option header. Can you share info about it?
It’s been supported since around 9.8 but they never added it to the help menu; it’s there, just give it a try.
ok thank you
in 1.0 works great
(on Mac 10.8, which includes OpenSSL 0.9.8r 8 Feb 2011, it doesn’t work)