Hi,

I have set up a openssl CA with OCSP-Server and revocation list.
It works, but the OCSP-Server crashed by unexpectedly requests.
(A ocsp-request from a other computer using openssl ocsp works correctly)

The problem/crashes are reproducibility as follows:
Enter the address of the OCSP-Server into the address line of a normal browser (e.g. firefox) and send the request. You got a information from the browser to save a file.

At the same time the OCSP-Server crashes with the log-info: Responder Error: malformedrequest (1)
and with the monitor output: Invalid request 3

The used port (socket) is blocked for the time-out of the operating system (FIN_WAIT eg. 120Sek).
The openssl ocsp server can only be restarted after the expiry of the time-out of FIN_WAIT.