projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bc0eb82) | patch
Make OCSP response verification more flexible.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 24 Mar 2015 12:14:04 +0000 (12:14 +0000)
commit4ba9a4265bd445428bf5bc94b6adf469de90297e
treef96a2dd628c2cbcd73227d5e654735e08aa138cetree | snapshot
parentbc0eb82b852cb10a3f34cbd17fdda7d8b4bdeb0ecommit | diff
Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc2874e094d6382b30416824eda6dde52fe)
crypto/ocsp/ocsp_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.