ocsp: try lookup certificate using keyHash as KeyId

Try to look up the certificate using the key hash as the key identifier
first. If we can't find a certificate, it means that the certificate
uses another method to compute the key identifier, so we need to fall back
to a linear search.
Marco Oliverio
2024-09-05 09:49:01 +00:00
parent 293719c168
commit 6114691fd6


@@ -5113,6 +5113,13 @@ Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
if (cm == NULL || keyHash == NULL)
return NULL;
/* try lookup using keyHash as subjKeyID first */
ret = GetCA(vp, (byte*)keyHash);
if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
return ret;
}
/* if we can't find the cert, we have to scan the full table */
if (wc_LockMutex(&cm->caLock) != 0)
return NULL;
@@ -5120,8 +5127,7 @@ Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
for (signers = cm->caTable[row]; signers != NULL;
signers = signers->next) {
if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE)
== 0) {
if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
ret = signers;
break;
}
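Review bot: When `GetCA()` returns a signer whose `subjectKeyHash` does not match `keyHash`, `ret` stays non-NULL on the way into the fallback, and the scan loop in the second hunk is guarded by `ret == NULL`, so the full-table search would be skipped and the mismatched signer apparently handed back to the OCSP caller. Unless the one line between the two hunks (not shown) already clears it, add `ret = NULL;` right after the fast-path `if` block, before `wc_LockMutex(&cm->caLock)`. The `(byte*)keyHash` cast also drops `const`; it is worth confirming that `GetCA()` only reads the buffer and saying so in a short comment at the call. The body of GetCAByKeyHash starts and ends outside these hunks, so the final return value is inferred rather than visible.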