Hello!

On Fri, Dec 04, 2015 at 05:40:02PM -0500, agruener wrote:

> OCSP is not working on my raspberrypi2 with nginx 1.9.7 and OpenSSL 1.0.2e.
> I have compiled both together.
>
> tail /var/log/nginx/error.log
>
> 2015/12/04 22:28:21 [error] 14841#0: OCSP response not successful (1:
> malformedrequest) while requesting certificate status, responder:
> ocsp.startssl.com
> 2015/12/04 22:28:29 [error] 14841#0: OCSP response not successful (1:
> malformedrequest) while requesting certificate status, responder:
> ocsp.startssl.com
> 2015/12/04 22:28:30 [error] 14842#0: OCSP response not successful (1:
> malformedrequest) while requesting certificate status, responder:
> ocsp.startssl.com

The message means that an OCSP request was successfully sent, but
OCSP responder returned an error. This may be either due to OCSP
response being indeed incorrect for some reason, or due to a
problem on OCSP responder side.

You may try the following:

- check if OCSP requests from other clients (e.g., browsers) work;
note that openssl's OCSP client will likely fail out of the box;

- check if the same error occurs on x86 hosts for the same
certificate or not;

- try tcpdump'ing traffic between nginx and the OCSP
responder to see what happens on the wire.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx