[openssl-users] OCSP_BASICRESP_verify() in 1.1.0

Benjamin Kaduk bkaduk at akamai.com
Wed Nov 1 16:20:34 UTC 2017

On 11/01/2017 09:52 AM, Dave Coombs wrote:
>>> It would be nice, though, if the API provided a way to get the signer's certificate.  There is OCSP_resp_get0_signature(), but that only returns the bit string.  Comparable functions in other modules (eg: X509_get0_signature(), X509_REQ_get0_signature(), X509_CRL_get0_signature(), CMS_SignerInfo_get0_algs()) provide a way to get any combination of bit string, algorithm, and signer cert.
>> Kind of like https://github.com/openssl/openssl/pull/4573 ?
> Quite a lot like that, yes.  Neat.  Is there any chance this might be included in the 1.1.0 series?

Since there have been no reviews yet, it's easy enough for me to add the
"1.1.0" label and see if a reviewer is persuaded that it is relevant there.


More information about the openssl-users mailing list