OpenCA Labs
OPENSOURCE SECURITY AND IDENTITY MANAGEMENT SOLUTIONS
OCSPD v3.1.2
Get the new Version!

The OpenCA PKI Research Labs, born from the former OpenCA Project, is an open organization aimed to provide a framework for PKI studying and development of related projects. As the PKIs standards, interests and projects are growing fast, it has been decided to split the original project into smaller ones to speed up and reorganize efforts. Some projects have already started and received (whenever possible) funds, while others are finding their way to the final decisional stage.

We strongly encourage everyone to contribute to our initiatives and projects. We welcome contributions in many forms. Our members are those individuals who have demonstrated a commitment to collaborative open-source software development through sustained participation and contributions within the Foundation's projects.

OCSPD v3.1.2 (Diamond)
by #madwolf @ 04.06.2018

The new version (v3.1.2/Diamond) of the OpenCA's OCSPD is available. This release provides fixes over the previous one. Some of which are: updated requirement for libpki (now 0.8.9), improved HTTP messages handling, fixed responderId generation for the keyid case, initial skeleton support for responses caching, fixed memory leak issues for CRL reloading. Download the new version for your system in the OCSPD download pages.

LibPKI v0.8.9 (Ruby)
by #Massimiliano Pala @ 04.06.2018

After too much time, we finally have the new release of LibPKI that that implements partial internal code re-organization. The new version includes many fixes for memory-related issues and PKCS#11 integration. This new version is required for the new OCSPD release (v3.1.2). Download the new version for your system in the LibPKI download pages.

OCSPD v3.1.1 (Rodeo)
by #madwolf @ 24.03.2015

The new version (v3.1.1/Rodeo) of the OpenCA's OCSPD is available. This release provides fixes over the previous one. Some of which are: updated requirement for libpki - now 0.8.8, fixed generating normal responses when crlCheckValidity is set to '0' and the CRL is outside its validity period (previous behavior was to send a tryLater response). Download the new version for your system in the OCSPD download pages.

LIBPKI UPGRADE REQUIRED (OCSPD)
by #madwolf @ 24.03.2015

A new version of LibPKI (v0.8.8) is available for download. The new version fixes important bugs that might affect the installation of the OCSPD. Everybody is STRONGLY encouraged to upgrade the LibPKI package to the latest available version.

LibPKI v0.8.8 (Fixer)
by #madwolf @ 24.03.2015

The new version (v0.8.8/Fixer) of LibPKI is available. Changes mostly involve bug fixes that affected many libpki-tools. Download the new version for your system in the LibPKI download pages.

OCSPD v3.1.0 (Steamy)
by #madwolf @ 13.08.2014

The new version (v3.1.0/Steamy) of the OpenCA's OCSPD is available. This release provides many new features and fixes over the previous one. Some of which are: updated support for libpki 0.8.7, fixed HTTP GET message handling, leverage the new PKI_MEM encoding interface, enhanced performances (up to 8,000 signatures per second in software). Download the new version for your system in the OCSPD download pages.

LibPKI v0.8.7 (Grouchy)
by #madwolf @ 08.13.2014

The new version (v0.8.7/Grouchy) of LibPKI is available. Changes mostly involve HTTP GET messages fixing, OCSP interface improvements, and memory fixes. Download the new version for your system in the LibPKI download pages.

Sources Available on GitHub
by #director @ 28.07.2014

We moved our sources to the public GitHub repository. This will allow better source code availability and maintenance. We still suggest to download the packages and the source code directly from our repositories and mirros. The repositories can be found here.

OCSPD v3.0.0 (FreeDom)
by #madwolf @ 10.05.2014

The new version (v3.0.0/FreeDom) of the OpenCA's OCSPD is available. Changes mostly involve updating support for LibPKI 0.8.5 which fixes HTTP performances issues. Download the new version for your system in the OCSPD download pages.

LibPKI (Divorcé)
by #madwolf @ 10.05.2014

The new version (v0.8.5/Divorcé) of LibPKI is available. Changes mostly involve HTTP messages bug fixing, X509 object signing fix, and performance enhancing (reached 460+ signatures in software only configuration). Download the new version for your system in the LibPKI download pages.

OCSPD v2.4.3 (BeHappy)
by #madwolf @ 24.09.2013

The new version (v2.4.3/BeHappy) of the OpenCA's OCSPD is available. Changes mostly involve updating support for LibPKI 0.8.1 which fixes a URI parsing issue with HTTP GET requests. Download the new version for your system in the OCSPD download pages.

LibPKI v0.8.1 (BeMore)
by #madwolf @ 22.09.2013

The new version (v0.8.1/BeMore) of LibPKI is available. Changes mostly involve bug fixing and URI parsing (fixes a bug in OpenCA OCSPD with HTTP GET requests). Download the new version for your system in the LibPKI download pages.

OCSPD v2.4.2 (Ocampa)
by madwolf @ 03.08.2013

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: updated support for LibPKI 0.8.0+, fixed start/stop script, fixed memory leaks, fixed error in configuration that prevented the reloading of expired CRLs, improved response time, fixed support for GET request types.

OpenCA PKI v1.5.0 (SpecialK)
by madwolf @ 08.08.2013

The OpenCA PKI v.1.5.1 (SpecialK) is out! This version incorporates all the bug fixes from v1.3.0. The changes are available in the ChangeLog link from the OpenCA downloads page.

LibPKI v0.8.0 (Sequester)
by #madwolf @ 03.08.2013

The new version (v0.8.0/Sequester) of LibPKI is available. Changes mostly involve bug fixing. Download the new version for your system in the LibPKI download pages.

LibPKI v0.6.7 (Papocchio)
by #madwolf @ 17.02.2012

The new version (v0.6.7/Papocchio) of LibPKI is available. Major changes over v0.6.5 are: fixed OCSP response initialization, added support for DNS url for retrieving DNS records via the simple URL_* interface, added initial support for Lightweight Internet Revocation Tokens (LIRTs) Download the new version for your system in the LibPKI download pages.

LibPKI v0.6.5 (Hope)
by #madwolf @ 15.02.2011

The new version (v0.6.5/Hope) of LibPKI is available. Major changes over v0.6.4 are: fixed a key-encoding error in OpenSSL, added new pki-siginfo tool to ease signature info gathering for X509 objs, added PKI_X509_KEYPAIR_get_curve() to get curve related to an EC key, added possibility to load any type of X509 objects by using PKI_X509_get() with PKI_DATATYPE_ANY as a type, fixed an error when setting the signature algorithm in PKI_X509_CERT_new(), enhanced support for ECDSA key management. Download the new version for your system in the LibPKI download pages.

LibPKI v0.6.4 (Broadway)
by #madwolf @ 15.02.2011

The new version (v0.6.4/Broadway) of LibPKI is available. Major changes over v0.6.3 are: fixed HTTP code (memory allocation error), enhanced command-line tool for CRL manipulation (pki-crl). Download the new version for your system in the LibPKI download pages.

OCSPD v2.1.0 (Ellie)
by madwolf @ 11.02.2011

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: Updated default configuration files (default passin set to none), enhanced support for ECDSA support, updated thread management with builtin support from LibPKI 0.6.3, fixed start/stop script, fixed a memory error in config.c causing segfault on CRL reload, deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer), fixed an error in return code check for PKI_NET_listen, fixed error in config parsing when no bind address was provided.

LibPKI v0.6.3 (Viper)
by #madwolf @ 10.02.2011

The new version (Viper/v0.6.3) of LibPKI is available. Major changes over v0.6.1 are: extended support for ECDSA (via profile/keyParams in profile configuration files), fixed linker issues on Solaris, added pki-cert command line tool, fixed ocsp library code. Download the new version for your system in the LibPKI download pages.

DemoCA Online Again
by madwolf @ 12.12.2010

The demo online CA is back online due to great demand from people interested in the OpenCA PKI software. We will try to keep it online as much as possible, please be warned, though, that it is just a DEMO service and no liability is implied.

Current version of the Online CA is v1.1.1.

OCSPD Firefox Fix
by madwolf @ 19.11.2010

Due to a bug in Firefox (memory management), you need to have the OCSPD to be compiled against the LibPKI v0.6.1+. Please download the source code and re-compile the daemon once you updated the crypto library.

OCSPD 2.0.0
by madwolf @ 17.11.2010

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version (mostly coming from supporting for LibPKI v0.6.0) are: extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, IPv6 support.

LibPKI v0.6.0 (Turkey)
by #madwolf @ 17.11.2010

The new version (Turkey/v0.6.0) of LibPKI is available. Major changes over v0.5.1 are: support for IPv6 in network calls, fixes for URL parsing and PKI_SSL_* interface enhancements. Get the new version for your system in the LibPKI download pages.

LibPKI v0.5.1 (Zoiberg)
by #madwolf @ 02.09.2010

The new version (Zoiberg/v0.5.1) of LibPKI is available. Major changes over v0.5.0 are: better support for OS independent Thread Management together with thread synchronization primitives (mutexes, condition variables, and r/w locks, LDAP interface fixes. Get the new version for your system in the LibPKI download pages.

Yum Repositories
28.08.2010 #madwolf

Yum repositories for OpenCA projects have been created. If your system supports Yum (and RPMs) you can use the provided links to install the repository configuration on your system.

LibPKI v0.5.0
27.08.2010 #madwolf

The new version (lulu/v0.5.0) of LibPKI is available for download. Many changes to the library and bug fixing over the old version. In particular: added support for different OSes (initial support for Win port), added PKI_SSL and support for easy SSL/TLS management, added support for Win LDAP API, added support for 64bit architectures, added safe URL encoding for HTTP GET protocol, added platform-independed thread management.

New Website Layout
26.08.2010 #madwolf
The OpenCA Website has undergone a complete makeover to address incompatibities with some web browsers (IE) and to provide a cleaner interface for users. Please let us know if you like it here.
Webserver fixed
06.01.2010 #madwolf
The problems with the OpenCA's servers have been fixed. Please let us know if you still experience any major inconvenience when using OpenCA services.
946,198