Age | Commit message (Collapse) | Author |
|
Add additional check to catch this in ASN1_item_verify too.
|
|
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
|
|
|
|
|
|
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
|
|
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
|
|
certificate so need to match its subject with the certificate IDs in the
response.
|
|
|
|
properly and supports several flags.
|
|
|
|
|
|
|
|
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
|
|
accordance with RFC2560.
|
|
it just supports a "trusted OCSP global root CA".
|
|
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
|