[openssl-dev] [openssl.org #3668] [PATCH] Don't use the cert list embedded in the OCSP response to build the trust chain

Alessandro Ghedini via RT rt at openssl.org
Wed Mar 25 10:34:04 UTC 2015


On Tue, Mar 24, 2015 at 01:19:31PM +0100, Stephen Henson via RT wrote:
> On Fri Mar 20 13:20:07 2015, alessandro at ghedini.me wrote:
> >
> > Months have passed and I haven't received a reply yet (even worse, the recent
> > obfuscation of the OCSP structures in 6ef869d7d0a9d made it impossible to
> > work around the issue as curl has been doing [0]), so I thought I'd add some
> > more information to hopefully have this issue resolved.
> >
> 
> Sorry for the delay in responding. Unfortunately I can't apply your patch
> because it would break any applications which rely on the existing behaviour. I
> have just committed a change which will concatenate the supplied certificates
> with any internal ones. This should address your problem (the test program now
> works) and retain compatibility.

Thanks, your patch works for me too. I guess this bug can be closed now.

Cheers



