diff options
author | Pauli <pauli@openssl.org> | 2021-05-31 14:29:34 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-02 16:30:15 +1000 |
commit | 126e37716fc4c5dc55805b721c38f5ef94c75612 (patch) | |
tree | 1d1f071c86188afe0c9b09a4ff69beca9db1a4d4 /crypto/ocsp | |
parent | 29cfba8599a649bc70a9414e701c68efceab13a3 (diff) |
ocsp: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 5e829fa972..7a4a45d537 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -51,12 +51,11 @@ static int ocsp_verify_signer(X509 *signer, int response, && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0) /* * Locally disable revocation status checking for OCSP responder cert. - * Done here for CRLs; TODO should be done also for OCSP-based checks. + * Done here for CRLs; should be done also for OCSP-based checks. */ X509_VERIFY_PARAM_clear_flags(vp, X509_V_FLAG_CRL_CHECK); X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST); - /* TODO: why is X509_TRUST_OCSP_REQUEST set? Seems to get ignored. */ ret = X509_verify_cert(ctx); if (ret <= 0) { |