Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8bdd0050e2f3419a61721d281b7216c628d10722
commit8bdd0050e2f3419a61721d281b7216c628d10722[log] [tgz]
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>Mon Jan 09 12:02:43 2023 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>Mon Jan 09 15:43:41 2023 +0100
tree88d010474dbcebc369731ca16aa30b74306c0d91
parent57f60c2316c39e113a193d712ba30a608b2375f4 [diff]
MINOR: ssl: Create temp X509_STORE filled with cert chain when checking ocsp response

When calling OCSP_basic_verify to check the validity of the received
OCSP response, we need to provide an untrusted certificate chain as well
as an X509_STORE holding only trusted certificates. Since the
certificate chain and the issuer certificate are all provided by the
user, we assume that they are valid and we add them all to a temporary
store. This enables to focus only on the response's validity.
1 file changed
tree: 88d010474dbcebc369731ca16aa30b74306c0d91
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. SUBVERS
  26. VERDATE
  27. VERSION