[Pki-devel] [PATCH] 0051 Lightweight CAs: lookup correct issuer for OCSP responses
Fraser Tweedale
ftweedal at redhat.com
Thu Oct 1 12:43:51 UTC 2015
Hi all,
The attached patch makes sure that the right authority is used to
create OCSP responses. Note that OCSP requests may ask about certs
from more than one issuer - even though this is crazy the heuristic
used is to simply use issuer of the first CertID in the request.
Note that OCSP response validation of certificates issued by sub-CAs
currently fails due to a separate issue[1].
[1] https://fedorahosted.org/pki/ticket/1632
More information about the Pki-devel
mailing list