hui_37443
Feb 15, 2012 Nimbostratus
OCSP error handling
I've noticed that AUTH::response_data can return far more values than the wiki page claims. My F5 version is BIG-IP 10.2.0 Build 1707.0 Final.
According to Wiki, http://devcentral.f5.com/wiki/iRule..._data.ashx,
OCSP returns one of the following,
"OK"
"Error (Could not connect to server)"
"Error (Unknown client certificate)"
However, so far I have run into a couple more
Error (OCSP responder)
Error (Could not connect to server)
unauthorized
Error (Initialization error)
The last one is particularly puzzling, as so far I have no clue on what's gone wrong.
My questions here:
1. What does the "Initialization error" mean? And how do I fix it?
2. It seems AUTH::status now always returns 1 for whatever unhappy scenario. I remember in the 9.x days I used to see -1 for an error, and 1 for a genuinely revoked cert. Please confirm whether the behaviour has been changed, and since when?
3. Is there a thorough list of response data for OCSP?