wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rename the option to disable the new issuer sign check to ‘WOLFSSL_NO_OCSP_ISSUER_CHECK`.

Browse Source
This commit is contained in:
David Garske
2017-06-22 09:56:43 -07:00
parent a3578c6643
commit 3a4edf75bd
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wolfcrypt/src/asn.c
View File

@@ -40,9 +40,8 @@ ASN Options:
chain is not loaded. This only matches on subject and public key and chain is not loaded. This only matches on subject and public key and
does not perform a PKI validation, so it is not a secure solution. does not perform a PKI validation, so it is not a secure solution.
Only enabled for OCSP. Only enabled for OCSP.
* WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN: Can be defined for backwards * WOLFSSL_NO_OCSP_ISSUER_CHECK: Can be defined for backwards compatibility to
compatibility to disable matching of OCSP signing authority for the disable checking of OCSP subject hash with issuer hash.
certificate in question.
*/ */
#ifndef NO_ASN #ifndef NO_ASN
@@ -10770,7 +10769,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
return ret; return ret;
} }
#ifndef WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
if ((cert.extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { if ((cert.extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) {
if (XMEMCMP(cert.subjectHash, if (XMEMCMP(cert.subjectHash,
resp->issuerHash, KEYID_SIZE) == 0) { resp->issuerHash, KEYID_SIZE) == 0) {