[openssl-dev] [openssl.org #4620] OCSP_basic_verify() question/comment
Salz, Rich via RT
rt at openssl.org
Thu Jul 21 08:27:15 UTC 2016
> OCSP responses do not seem to include the intermediate certificates so they
> have to be acquired in other ways. I have been doing this and adding them
> to the certificate stack handed to OCSP_basic_verify().
Perhaps adding them to X509_STORE or STORE_CTX directly?
> I am relatively new to this so I may be incorrect; however, it seems to me
> that the certificates in the cert argument should be added to the
> X509_STORE_CTX.
If you need to add certificates to validate a chain, it seems safer to explicitly add them to the store, not implicitly.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4620
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list