[openssl-users] OCSP_BASICRESP_verify() in 1.1.0

Dave Coombs dcoombs at carillon.ca
Wed Nov 1 14:52:08 UTC 2017

>> It would be nice, though, if the API provided a way to get the signer's certificate.  There is OCSP_resp_get0_signature(), but that only returns the bit string.  Comparable functions in other modules (eg: X509_get0_signature(), X509_REQ_get0_signature(), X509_CRL_get0_signature(), CMS_SignerInfo_get0_algs()) provide a way to get any combination of bit string, algorithm, and signer cert.
> Kind of like https://github.com/openssl/openssl/pull/4573 ?

Quite a lot like that, yes.  Neat.  Is there any chance this might be included in the 1.1.0 series?


More information about the openssl-users mailing list