I wrote this code to check the status of cert.pem, to see whether it is revoked or not, but it keeps giving me this error. Does anyone know why? It doesn't work, even though it works as a shell script:
openssl ocsp -issuer ca.pem -cert cert.pem -url 'http://ocsp.apple.com/ocsp03-wwdrg301' -CAfile ca.pem
Code:
require 'net/http'
require 'openssl'
require 'base64'
require 'test/unit'
extend Test::Unit::Assertions
def load_cert(name)
  OpenSSL::X509::Certificate.new(File.read(name))
end
subca = load_cert('ca.pem')
cert = load_cert('cert.pem')
cid = OpenSSL::OCSP::CertificateId.new(cert, subca)
request = OpenSSL::OCSP::Request.new.add_certid(cid)
# with post, work
ocsp_uri = URI('http://ocsp.apple.com/ocsp03-wwdrg301')
http_resp = Net::HTTP.post(ocsp_uri, request.to_der, 'Content-Type' => 'application/ocsp-response')
resp = OpenSSL::OCSP::Response.new(http_resp.body)
assert_equal resp.status, OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
assert resp.basic.is_a? OpenSSL::OCSP::BasicResponse
first_cert_id = resp.basic.status[0][0]
assert first_cert_id.cmp(cid)
assert first_cert_id.cmp_issuer(cid)
assert_equal first_cert_id.serial, cert.serial
resp.basic.responses.each do |resp|
  assert resp.is_a? OpenSSL::OCSP::SingleResponse
  assert resp.check_validity
end
store = OpenSSL::X509::Store.new
store.add_cert(cert)
store.add_cert(subca)
assert resp.basic.verify([], store)
ERROR:
x.rb:28:in 'initialize': d2i_OCSP_RESPONSE: nested asn1 error (OpenSSL::OCSP::OCSPError)
    from x.rb:28:in 'new'
    from x.rb:28:in '<main>'
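An added example, not part of the original post: RFC 6960 defines application/ocsp-request as the media type for a POSTed request, whereas the posted code sends application/ocsp-response, and "nested asn1 error" means the body passed to OpenSSL::OCSP::Response.new was not a DER-encoded OCSPResponse. The sketch below builds the POST with the request type and checks the reply's HTTP status and media type before parsing. The names build_ocsp_post, classify_ocsp_reply, make_cert and demo are hypothetical, and the certificates and responder reply are constructed in memory so it runs offline.

```ruby
require 'net/http'
require 'openssl'
# RFC 6960 media types: the POST body is ocsp-request, the reply is ocsp-response.
OCSP_REQUEST_TYPE  = 'application/ocsp-request'
OCSP_RESPONSE_TYPE = 'application/ocsp-response'

# Hypothetical helper: build (but do not send) the POST for one CertificateId.
def build_ocsp_post(path, cid)
  post = Net::HTTP::Post.new(path, 'Content-Type' => OCSP_REQUEST_TYPE)
  post.body = OpenSSL::OCSP::Request.new.add_certid(cid).to_der
  post
end

# Hypothetical helper: check HTTP status and media type before DER parsing.
def classify_ocsp_reply(http_code, content_type, body)
  return :http_error unless http_code.to_s == '200'
  media = content_type.to_s.split(';').first.to_s.strip.downcase
  return :not_ocsp unless media == OCSP_RESPONSE_TYPE
  resp = OpenSSL::OCSP::Response.new(body)
  resp.status == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL ? :ok : :responder_error
rescue OpenSSL::OCSP::OCSPError
  :malformed_der # the "nested asn1 error" case: body is not a DER OCSPResponse
end

# Constructed test material: throwaway certificates generated in memory.
def make_cert(cn, key, serial, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

def demo
  ca_key, leaf_key = Array.new(2) { OpenSSL::PKey::RSA.new(2048) }
  ca = make_cert('Constructed Test CA', ca_key, 1)
  cid = OpenSSL::OCSP::CertificateId.new(make_cert('leaf.example', leaf_key, 2, ca, ca_key), ca)
  basic = OpenSSL::OCSP::BasicResponse.new # constructed stand-in for a responder
  basic.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
  basic.sign(ca, ca_key, nil, 0, 'SHA256')
  der = OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic).to_der
  { post_type: build_ocsp_post('/ocsp', cid)['Content-Type'],
    good: classify_ocsp_reply(200, OCSP_RESPONSE_TYPE, der),
    error_page: classify_ocsp_reply(400, 'text/html', '<html>Bad Request</html>'),
    mislabeled: classify_ocsp_reply(200, OCSP_RESPONSE_TYPE, '<html></html>') }
end
```

With a live responder, pass `http_resp.code`, `http_resp['Content-Type']` and `http_resp.body` to the classifier before calling `OpenSSL::OCSP::Response.new`.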