[openssl-dev] [openssl.org #3668] [PATCH] Don't use the cert list embedded in the OCSP response to build the trust chain

Stephen Henson via RT rt at openssl.org
Tue Mar 24 12:19:31 UTC 2015


On Fri Mar 20 13:20:07 2015, alessandro at ghedini.me wrote:
>
> Months have passed and I haven't received a reply yet (even worse, the recent
> obfuscation of the OCSP structures in 6ef869d7d0a9d made it impossible to
> work around the issue as curl has been doing [0]), so I thought I'd add some
> more information to hopefully have this issue resolved.
>

Sorry for the delay in responding. Unfortunately I can't apply your patch
because it would break any applications which rely on the existing behaviour. I
have just committed a change which will concatenate the supplied certificates
with any internal ones. This should address your problem (the test program now
works) and retain compatibility.

Let me know of any problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


