Refactor and fix ocsp_find_signer_sk() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2026-04-07 13:02:50 +0000
committer	tb <>	2026-04-07 13:02:50 +0000
commit	bd035cb5927e4f4359c2ecd94226a2536b0d7773 (patch)
tree	112a70f4aa92e2228bb940152df65d0a830a31c4 /src/lib/libcrypto/engine
parent	c8f25bd7366a35c48b23230ab0da4f3484424ba2 (diff)
download	openbsd-bd035cb5927e4f4359c2ecd94226a2536b0d7773.tar.gz openbsd-bd035cb5927e4f4359c2ecd94226a2536b0d7773.tar.bz2 openbsd-bd035cb5927e4f4359c2ecd94226a2536b0d7773.zip

Refactor and fix ocsp_find_signer_sk()

Instead of reaching deep inside the OCSP_BASICRESP and ignoring its semantics and then try to untangle things in ocsp_find_signer_sk(), pass the OCSP_BASICRESP and use OCSP_resp_get0_id() which has the logic built in. Avoids a crash if you call OCSP_basic_verify() after OCSP_BASICRESP_new() without OCSP_basic_sign(). This cannot happen on a deserialized OCSP object. Prompted by a report by Kamil Frankowicz, Jan Kaminski, Bartosz Michalowski. ok jsing

Diffstat (limited to 'src/lib/libcrypto/engine')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: