Forum Discussion

hui_37443's avatar
hui_37443
Icon for Nimbostratus rankNimbostratus
Feb 15, 2012

OCSP error handling

I've noticed that AUTH::response_data can return far more values than the wiki page claims. My F5 version is BIG-IP 10.2.0 Build 1707.0 Final.

 

 

According to Wiki, http://devcentral.f5.com/wiki/iRule..._data.ashx,

 

OCSP returns one of the following,

 

"OK"

 

"Error (Could not connect to server)"

 

"Error (Unknown client certificate)"

 

 

However, so far I have run into a couple more

 

Error (OCSP responder)

 

Error (Could not connect to server)

 

unauthorized

 

Error (Initialization error)

 

 

The last one is particularly puzzling, as so far I have no clue on what's gone wrong.

 

 

My questions here,

 

1. what does the "Initialization error" mean? And how to fix it?

 

 

2. Seems AUTH::status now always returns 1 for whatever unhappy scenario. I remeber in 9.x days I used to see -1 for error, and 1 for genuine revoked cert. Please confirm whether the behaviour has been changed, since when?

 

 

3. Is there a throrough list of response data for OCSP?

 

1 Reply

  • If you don't get an answer here, you could open a case with F5 Support to ask. You can ask them to reference BZ210706. If you do, can you reply with the case number and/or the reply you get.

     

     

    Aaron