From 2b916952a8de5b1197169801925dad74aa3360cd Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 4 Feb 2001 03:04:43 +0000
Subject: Fix ASN1_TIME_to_generlizedtime().

Add protoype for OCSP_response_create().

Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
---
 crypto/ocsp/ocsp_srv.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'crypto/ocsp/ocsp_srv.c')

diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index b83992896f..5743f9c754 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -206,14 +206,22 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
 	int i;
 	OCSP_RESPID *rid;
 
-	if(!(flags & OCSP_NOCERTS) && !OCSP_basic_add1_cert(brsp, signer))
+	if (!X509_check_private_key(signer, key))
+		{
+		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 		goto err;
+		}
 
-	for (i = 0; i < sk_X509_num(certs); i++)
+	if(!(flags & OCSP_NOCERTS))
 		{
-		X509 *tmpcert = sk_X509_value(certs, i);
-		if(!OCSP_basic_add1_cert(brsp, tmpcert))
+		if(!OCSP_basic_add1_cert(brsp, signer))
+			goto err;
+		for (i = 0; i < sk_X509_num(certs); i++)
+			{
+			X509 *tmpcert = sk_X509_value(certs, i);
+			if(!OCSP_basic_add1_cert(brsp, tmpcert))
 				goto err;
+			}
 		}
 
 	rid = brsp->tbsResponseData->responderId;
-- 
cgit v1.2.3