projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 06cf441) | patch
Make OCSP response verification more flexible.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 24 Mar 2015 12:14:56 +0000 (12:14 +0000)
commite35e22e1d930217fa0b879e0a7ae34efd94465e4
tree266bbda81c94a2d6096cb4f1607ec3fffc3dae5atree | snapshot
parent06cf4418cf45253afe401fd4270effd439103dcacommit | diff
Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc2874e094d6382b30416824eda6dde52fe)
crypto/ocsp/ocsp_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.