projects / haproxy-3.0.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 57f60c2) | patch
MINOR: ssl: Create temp X509_STORE filled with cert chain when checking ocsp response
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Mon, 9 Jan 2023 11:02:43 +0000 (12:02 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Mon, 9 Jan 2023 14:43:41 +0000 (15:43 +0100)
commit8bdd0050e2f3419a61721d281b7216c628d10722
tree88d010474dbcebc369731ca16aa30b74306c0d91tree | snapshot
parent57f60c2316c39e113a193d712ba30a608b2375f4commit | diff
MINOR: ssl: Create temp X509_STORE filled with cert chain when checking ocsp response

When calling OCSP_basic_verify to check the validity of the received
OCSP response, we need to provide an untrusted certificate chain as well
as an X509_STORE holding only trusted certificates. Since the
certificate chain and the issuer certificate are all provided by the
user, we assume that they are valid and we add them all to a temporary
store. This enables to focus only on the response's validity.
src/ssl_ocsp.c diff | blob | history
haproxy-3.0 public tree. Stable production code.