diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-02-24 13:50:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-02-24 13:50:06 +0000 |
commit | f196522159a514915e6d749a71febd08e7a09b71 (patch) | |
tree | b493a977d2737a5e5b7972174826b6b7ec867426 /CHANGES | |
parent | 4ff18c8c3efa9416aabb50fa6e9026c2197c961b (diff) |
New function and options to check OCSP response validity.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -3,6 +3,17 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Add OCSP_check_validity() function to check the validity of OCSP + responses. OCSP responses are prepared in real time and may only + be a few seconds old. Simply checking that the current time lies + between thisUpdate and nextUpdate max reject otherwise valid responses + caused by either OCSP responder or client clock innacuracy. Instead + we allow thisUpdate and nextUpdate to fall within a certain period of + the current time. The age of the response can also optionally be + checked. Two new options -validity_period and -status_age added to + ocsp utility. + [Steve Henson] + *) If signature or public key algorithm is unrecognized print out its OID rather that just UNKOWN. [Steve Henson] |