Handle non-SHA1 digests for certids in OCSP test responder.

author: Dr. Stephen Henson <steve@openssl.org> 2007-12-14 12:43:50 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-12-14 12:43:50 +0000
commit: 341e18b49756607e717745d771c6d191feb3223b (patch)
tree: 3480f93d44bfbe1c0b2d4bd8c41f87d57bd930e2 /apps/ocsp.c
parent: 339a1820fdab1448a4e447de40fa2c1c021b2b55 (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 856bead88a..c9e7443ca1 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1029,7 +1029,6 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
 		goto end;
 		}
 
-	ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
 
 	bs = OCSP_BASICRESP_new();
 	thisupd = X509_gmtime_adj(NULL, 0);
@@ -1042,8 +1041,23 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
 		OCSP_ONEREQ *one;
 		ASN1_INTEGER *serial;
 		char **inf;
+		ASN1_OBJECT *cert_id_md_oid;
+		const EVP_MD *cert_id_md;
 		one = OCSP_request_onereq_get0(req, i);
 		cid = OCSP_onereq_get0_id(one);
+
+		OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid);
+
+		cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);	
+		if (! cert_id_md) 
+			{
+			*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+				NULL);
+				goto end;
+			}	
+		if (ca_id) OCSP_CERTID_free(ca_id);
+		ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
+
 		/* Is this request about our CA? */
 		if (OCSP_id_issuer_cmp(ca_id, cid))
 			{
author	Dr. Stephen Henson <steve@openssl.org>	2007-12-14 12:43:50 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-12-14 12:43:50 +0000
commit	341e18b49756607e717745d771c6d191feb3223b (patch)
tree	3480f93d44bfbe1c0b2d4bd8c41f87d57bd930e2 /apps/ocsp.c
parent	339a1820fdab1448a4e447de40fa2c1c021b2b55 (diff)