@(#)(CAcert) $Id: README,v 1.2 2011/04/29 13:23:07 wytze Exp $

OCSPD software in use at CAcert
-------------------------------
The 1.5.2 directory contains the unpacked 1.5.2-cacert4.tar.gz tar ball
PLUS one patch to fix a null pointer reference / segfault problem which
showed up with Debian Lenny on the hobbynet server. It runs reliably IFF
you configure enough threads, since the process will deadlock when
running out of threads.
We don't run this software anymore since April 28, 2011.

The source code for 1.9.0 has been retrieved from:
   http://sourceforge.net/projects/openca/files/openca-ocspd/releases/v1.9.0/sources/openca-ocspd-1.9.0.tar.gz/download

The 1.9.0 directory contains the unpacked 1.9.0.tar.gz tar ball PLUS a
few debugging patches to try pinpointing the signature problem I found.
It runs reliably, also with just a few threads configured, but for the
second CA, it will sign replies with the signature of the first one,
which is clearly a bug (confirmed by the developer). For the time being
I have implemented a work-around, which will allow us to sign with the
second certificate provided that it is based on the same private key as
the first certificate (the software only "remembers" a single key).
I have also added some code to allow us to measure the number of requests
processed by the server. All patches are collected in the patch.cacert
file (which can be rebuilt with the MKPATCH script).

RELINFO, MAKE and INSTALL have been setup for 1.9.0, and the directory etc
contains a number of supporting files which are installed by the INSTALL
script.