mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 15:50:51 +02:00
415f4f0504
Adds resp_certid_keyhash_mismatch — a forged response signed by the legitimate ocsp-responder whose CertID pairs the legitimate root CA's issuerNameHash with the imposter root CA's issuerKeyHash. The new test_ocsp_responder_keyhash_binding asserts wolfSSL_OCSP_basic_verify rejects it, exercising the fix that requires both halves of the CertID to match the responder's issuer.
Before creating any new configure files (.conf) read the CONF_FILES_README.md