Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve

Use default algorithms for OCSP request and response signing. New command line option to support other digest use for OCSP certificate IDs.
author: Dr. Stephen Henson <steve@openssl.org> 2007-12-04 12:41:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-12-04 12:41:28 +0000
commit: cec2538ca9d053eb905069ea65e4925e9288558c (patch)
tree: 58faec8d97d2f3b2f66ffffa0840d20ed19d2863 /crypto/ocsp
parent: 28f7e60d474242aebea6d964f32521e2e27eadeb (diff)
2 files changed, 1 insertions, 2 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 17bab5fc59..9c14d9da27 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST   *req,
 			goto err;
 
 	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-	if (!dgst) dgst = EVP_sha1();
 	if (key)
 		{
 		if (!X509_check_private_key(signer, key))
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 23ea41c847..5ea7c270ed 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -316,7 +316,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 			return -1;
 		if (memcmp(md, cid->issuerNameHash->data, mdlen))
 			return 0;
-		X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+		X509_pubkey_digest(cert, dgst, md, NULL);
 		if (memcmp(md, cid->issuerKeyHash->data, mdlen))
 			return 0;
author	Dr. Stephen Henson <steve@openssl.org>	2007-12-04 12:41:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-12-04 12:41:28 +0000
commit	cec2538ca9d053eb905069ea65e4925e9288558c (patch)
tree	58faec8d97d2f3b2f66ffffa0840d20ed19d2863 /crypto/ocsp
parent	28f7e60d474242aebea6d964f32521e2e27eadeb (diff)