diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 9a7c93497..5c1fe7010 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -4113,20 +4113,50 @@ int OcspResponseDecode(OcspResponse* resp)
 }
-void InitOcspRequest(OcspRequest* req)
+static int SetInt(const byte* input, word32 inputSz, byte* output)
 {
+ return 0;
 }
+#define MAX_INT_SZ 32
-
-int MakeOcspRequest(OcspRequest* req)
+int EncodeOcspRequest(DecodedCert* cert, byte* output, word32 outputSz)
 {
- return 0;
-}
+ byte seqArray[5][MAX_SEQ_SZ];
+ /* The ASN.1 of the OCSP Request is an onion of sequences */
+ byte algoArray[MAX_ALGO_SZ];
+ byte issuerArray[MAX_ENCODED_DIG_SZ];
+ byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
+ byte snArray[MAX_INT_SZ];
+ word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
+ int i;
-int EncodeOcspRequest(void)
-{
- return 0;
+ algoSz = SetAlgoID(SHAh, algoArray, hashType);
+ issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
+ issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
+ snSz = SetInt(cert->serial, cert->serialSz, snArray);
+
+ totalSz = algoSz + issuerSz + issuerKeySz + snSz;
+
+ for (i = 4; i >= 0; i--) {
+ seqSz[i] = SetSequence(totalSz, seqArray[i]);
+ totalSz += seqSz[i];
+ }
+ totalSz = 0;
+ for (i = 0; i < 5; i++) {
+ XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
+ totalSz += seqSz[i];
+ }
+ XMEMCPY(output + totalSz, algoArray, algoSz);
+ totalSz += algoSz;
+ XMEMCPY(output + totalSz, issuerArray, issuerSz);
+ totalSz += issuerSz;
+ XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
+ totalSz += issuerKeySz;
+ XMEMCPY(output + totalSz, snArray, snSz);
+ totalSz += snSz;
+
+ return totalSz;
 }
 #endif
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index ed76251f2..87590a73d 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
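Review bot: `EncodeOcspRequest` accepts `outputSz` but never reads it: once the five sequence headers have been sized, every part is XMEMCPY'd into `output` with no comparison against the caller's buffer length. Add a bound check between the two loops, `if (totalSz > outputSz) return BUFFER_E;`, so an undersized `ocspReqBuf` in the caller fails cleanly instead of writing past the buffer (the function already returns `int`, so the negative code can be tested by the caller). In the same hunk `SetInt` is a stub that ignores its arguments and returns 0, which means the serial number is currently left out of the encoded CertID; when it is implemented, `snArray[MAX_INT_SZ]` must leave room for the INTEGER tag, length octets and a possible leading zero byte on top of `cert->serialSz`, so `inputSz` has to be checked against that headroom rather than assumed to fit in 32 bytes. A one-line comment on `MAX_INT_SZ` stating what it bounds (`/* max encoded INTEGER: tag + length + EXTERNAL_SERIAL_SIZE payload */`, with the value adjusted to match) would make that contract visible.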
@@ -335,13 +335,6 @@ enum Ocsp_Sums {
 typedef struct OcspResponse OcspResponse;
-typedef struct OcspRequest OcspRequest;
-
-
-struct OcspRequest {
- byte* serialNumber; /* not owned by us */
- int serialSz;
-};
 struct OcspResponse {
@@ -374,6 +367,7 @@ struct OcspResponse {
 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, byte*, word32, void*);
 CYASSL_LOCAL void FreeOcspResponse(OcspResponse*);
 CYASSL_LOCAL int OcspResponseDecode(OcspResponse*);
+CYASSL_LOCAL int EncodeOcspRequest(DecodedCert*, byte*, word32);
 #endif /* HAVE_OCSP */
diff --git a/cyassl/error.h b/cyassl/error.h
index 70eefcd40..0d8d8d273 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -96,9 +96,10 @@ enum CyaSSL_ErrorCodes {
 /* begin negotiation parameter errors */
 UNSUPPORTED_SUITE = -270, /* unsupported cipher suite */
- MATCH_SUITE_ERROR = -271 /* can't match cipher suite */
+ MATCH_SUITE_ERROR = -271, /* can't match cipher suite */
 /* end negotiation parameter errors only 10 for now */
 /* add strings to SetErrorString !!!!! */
+ OCSP_CERT_REVOKED = -272
 };
diff --git a/cyassl/ocsp.h b/cyassl/ocsp.h
index f62b4e0f6..ee8af1534 100644
--- a/cyassl/ocsp.h
+++ b/cyassl/ocsp.h
@@ -37,8 +37,8 @@ typedef struct CYASSL_OCSP CYASSL_OCSP;
 typedef struct CertStatus CertStatus;
 struct CertStatus {
- byte subjectHash[SHA_SIZE];
 byte issuerHash[SHA_SIZE];
+ byte issuerKeyHash[SHA_SIZE];
 byte serial[EXTERNAL_SERIAL_SIZE];
 int serialSz;
 int status;
diff --git a/src/internal.c b/src/internal.c
index 1495d31ac..c387e0dba 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1695,7 +1695,11 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 }
 #ifdef HAVE_OCSP
- CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert);
+ if (CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert) == CERT_REVOKED) {
+ CYASSL_MSG("\tOCSP Lookup returned revoked");
+ ret = OCSP_CERT_REVOKED;
+ fatal = 0;
+ }
 #endif
 #ifdef OPENSSL_EXTRA
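Review bot: The new `if` in DoCertificate acts only on `CERT_REVOKED`; every other result of `CyaSSL_OCSP_Lookup_Cert` (unknown status, responder unreachable, response that fails to parse) leaves `ret` untouched and the certificate is accepted, which is a soft-fail policy that the code does not state anywhere. If that is the intended policy, say so at the call site with a comment such as `/* OCSP soft-fail: only an explicit CERT_REVOKED answer rejects the cert */`; if not, the branch should also handle the lookup-failed case. `fatal = 0` presumably marks the error as overridable by the verify callback, as the other verification errors in this function appear to do, so a revoked certificate can still be accepted by an application callback; whether that is desired for revocation is worth a line of justification next to the assignment. DoCertificate begins before this hunk, so the earlier value of `ret` that the assignment overwrites is not visible here.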
@@ -3501,6 +3505,10 @@ void SetErrorString(int error, char* str)
 XSTRNCPY(str, "Bad Cert Manager error", max);
 break;
+ case OCSP_CERT_REVOKED:
+ XSTRNCPY(str, "OCSP Cert revoked", max);
+ break;
+
 default :
 XSTRNCPY(str, "unknown error number", max);
 }
diff --git a/src/ocsp.c b/src/ocsp.c
index 83b748d66..ffc34a312 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -305,13 +305,13 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
 return CERT_UNKNOWN;
 }
- XMEMCPY(ocsp->status[0].subjectHash, cert->subjectHash, SHA_SIZE);
 XMEMCPY(ocsp->status[0].issuerHash, cert->issuerHash, SHA_SIZE);
+ XMEMCPY(ocsp->status[0].issuerKeyHash, cert->issuerKeyHash, SHA_SIZE);
 XMEMCPY(ocsp->status[0].serial, cert->serial, cert->serialSz);
 ocsp->status[0].serialSz = cert->serialSz;
 ocsp->statusLen = 1;
- ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);
+ ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
 httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
 tcp_connect(&sfd, ocsp->overrideName, ocsp->overridePort);
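Review bot: The result of `EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz)` is assigned to `ocspReqSz` and handed straight to `build_http_request` as a length without being checked. The encoder is declared to return `int`, so once it reports a failure (for instance a too-small `ocspReqBuf`) as a negative value, that value would flow into the HTTP request builder as a size; a guard such as `if (ocspReqSz <= 0) return CERT_UNKNOWN;` in the same style as the earlier `return CERT_UNKNOWN;` in this hunk closes that path. The enclosing CyaSSL_OCSP_Lookup_Cert continues beyond the hunk, so any cleanup its later failure paths perform would need to apply to this new one too.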