[Pki-devel] [PATCH] 0051 Lightweight CAs: lookup correct issuer for OCSP responses

[Fraser Tweedale]

Hi all,

The attached patch makes sure that the right authority is used to
create OCSP responses.  Note that OCSP requests may ask about certs
from more than one issuer - even though this is crazy the heuristic
used is to simply use issuer of the first CertID in the request.

Note that OCSP response validation of certificates issued by sub-CAs
currently fails due to a separate issue[1].

[1] https://fedorahosted.org/pki/ticket/1632