]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79cc541) | patch
Make OCSP response verification more flexible.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 24 Mar 2015 12:15:17 +0000 (12:15 +0000)
commit246b35a96e6402583825fcee6a4ce5305e26ec76
treedc26cd6e627cf0079cdd9b012952c913e70bb5aatree | snapshot
parent79cc5417a4099c3e61c806a918665570e9aa3c57commit | diff
Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc2874e094d6382b30416824eda6dde52fe)
crypto/ocsp/ocsp_vfy.c diff | blob | blame | history
A mirror of the official openssl repository