Add a comment to OCSP_id_issuer_cmp() to make blind use of X509_ALGOR_cmp()

less likely. ok jsing
author: tb <> 2024-08-28 06:27:19 +0000
committer: tb <> 2024-08-28 06:27:19 +0000
commit: 079cd1e5ed7a1c794d168379bc23f4af38bf91d1 (patch)
tree: 06b87b20071d2314562136b99b143861f11e5c2d /src/lib
parent: 9e08860a6a43bd5ce18a96d9d9409782f57a9d5a (diff)
download: openbsd-079cd1e5ed7a1c794d168379bc23f4af38bf91d1.tar.gz
openbsd-079cd1e5ed7a1c794d168379bc23f4af38bf91d1.tar.bz2
openbsd-079cd1e5ed7a1c794d168379bc23f4af38bf91d1.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 216af18fcd..521fb67aed 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.27 2024/08/28 06:26:06 tb Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.28 2024/08/28 06:27:19 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */
@@ -157,6 +157,11 @@ OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
 {
        int ret;
+        /*
+         * XXX - should we really ignore parameters here? We probably need to
+         * consider omitted parameters and explicit ASN.1 NULL as equal for
+         * the SHAs, so don't blindly switch to X509_ALGOR_cmp().
+         */
        ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
        if (ret)
                return ret;
author	tb <>	2024-08-28 06:27:19 +0000
committer	tb <>	2024-08-28 06:27:19 +0000
commit	079cd1e5ed7a1c794d168379bc23f4af38bf91d1 (patch)
tree	06b87b20071d2314562136b99b143861f11e5c2d /src/lib
parent	9e08860a6a43bd5ce18a96d9d9409782f57a9d5a (diff)
download	openbsd-079cd1e5ed7a1c794d168379bc23f4af38bf91d1.tar.gz openbsd-079cd1e5ed7a1c794d168379bc23f4af38bf91d1.tar.bz2 openbsd-079cd1e5ed7a1c794d168379bc23f4af38bf91d1.zip