Commit Graph

9 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 415f4f0504 tests: add OCSP responder CertID issuerKeyHash binding test
Adds resp_certid_keyhash_mismatch — a forged response signed by the
legitimate ocsp-responder whose CertID pairs the legitimate root CA's
issuerNameHash with the imposter root CA's issuerKeyHash. The new
test_ocsp_responder_keyhash_binding asserts wolfSSL_OCSP_basic_verify
rejects it, exercising the fix that requires both halves of the
CertID to match the responder's issuer.
2026-05-12 14:36:00 +02:00
Paul Adelsbach ebda79fadb Fix OCSP->CRL fallback 2026-02-26 11:44:50 -08:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
JacobBarthelmeh 6c74098be5 run renewcerts.sh, gencertbuf.pl, and create_ocsp_test_blobs.py 2025-11-14 14:45:37 -07:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Marco Oliverio 69116eb05d ocsp/tests: update blobs and add license header 2025-02-17 08:59:29 +00:00
Marco Oliverio f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio 2fe413d80f ocsp: add tests 2025-02-17 08:59:23 +00:00