author | Dr. Stephen Henson <steve@openssl.org> | 2001-01-18 01:35:39 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-01-18 01:35:39 +0000 |
commit | e8af92fcb1c3ae1b19e697d58b2dace46ca08aa7 (patch) | |
tree | 09857b6fe1ed2eaebe7409eb60b93ee079238006 /CHANGES | |
parent | 361ef5f4dc0a615b13d02f74e2b00b015b42be58 (diff) |
Implement remaining OCSP verify checks in
accordance with RFC2560.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -3,6 +3,16 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Add additional OCSP certificate checks. These are those specified + in RFC2560. This consists of two separate checks: the CA of the + certificate being checked must either be the OCSP signer certificate + or the issuer of the OCSP signer certificate. In the latter case the + OCSP signer certificate must contain the OCSP signing extended key + usage. This check is performed by attempting to match the OCSP + signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash + in the OCSP_CERTID structures of the response. + [Steve Henson] + *) Initial OCSP certificate verification added to OCSP_basic_verify() and related routines. This uses the standard OpenSSL certificate verify routines to perform initial checks (just CA validity) and |
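Review bot: The added CHANGES entry matches against "the OCSP_CERTID structures of the response" (plural) but does not say what the verifier does when the CERTIDs in one response carry different issuerNameHash/issuerKeyHash values. A reader cannot tell whether such a response is rejected or whether each ID is matched on its own, so please state the behaviour. The entry also announces "two separate checks" and then describes one issuer-matching rule with two accepted cases (signer is the CA, or signer is issued by the CA and carries the OCSP signing extended key usage); wording it as one check with two cases would be clearer. Unlike the entry below it, which names OCSP_basic_verify(), this one never names the routine that performs the matching; adding it would help callers find the check. Minor: "These are those specified in RFC2560" reads better as "These are the checks specified in RFC2560".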