mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-30 19:22:16 +01:00
OCSP uses an identified hash of the issuer's public key to identify the certificate's signer. (Typically this is SHA-1, but it can be any SHA hash.) The AKID/SKID for the certificates are usually the SHA-1 hash of the public key, but may be anything. We cannot depend on the AKID for OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the public key based on the copy saved for use with the handshake signing. For RSA, that was fine. For ECDSA, we use the whole public key including the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of the public key at the point where we are looking at the key when reading in the certificate, and saved the hash in the signer record.
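To illustrate the mismatch the commit message describes, here is an added example (not wolfSSL code) that computes the RFC 6960 issuerKeyHash from a SubjectPublicKeyInfo, i.e. a hash over the subjectPublicKey BIT STRING contents only. The constructed RSA and P-256 SPKIs use dummy key values; the EC point is not on the curve and exists only to show which bytes are covered by the hash.

```python
import hashlib

# OID encodings (constants, not taken from wolfSSL).
EC_PUBKEY_OID = bytes.fromhex("06072a8648ce3d0201")          # 1.2.840.10045.2.1
P256_OID      = bytes.fromhex("06082a8648ce3d030107")        # 1.2.840.10045.3.1.7
RSA_ALG_ID    = bytes.fromhex("06092a864886f70d0101010500")  # rsaEncryption + NULL

def der(tag, body):
    """Minimal DER TLV encoder; enough for the small structures built here."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; returns (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def spki_key_bits(spki):
    """Return the subjectPublicKey BIT STRING contents (unused-bits byte stripped)."""
    _, body, _ = read_tlv(spki)         # SubjectPublicKeyInfo SEQUENCE
    _, _alg, pos = read_tlv(body)       # AlgorithmIdentifier: for EC this carries the curve OID
    tag, bits, _ = read_tlv(body, pos)  # subjectPublicKey BIT STRING
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    return bits[1:]

def hash_key_bytes(key_bytes, algo="sha1"):
    return hashlib.new(algo, key_bytes).digest()

def ocsp_issuer_key_hash(spki, algo="sha1"):
    """issuerKeyHash per RFC 6960: hash of the BIT STRING contents, curve ID excluded."""
    return hash_key_bytes(spki_key_bits(spki), algo)

# Constructed RSA SPKI: the BIT STRING wraps an RSAPublicKey SEQUENCE { n, e }.
RSA_PUBKEY = der(0x30, der(0x02, b"\x00\xc0" + bytes(range(30))) + der(0x02, b"\x01\x00\x01"))
RSA_SPKI = der(0x30, der(0x30, RSA_ALG_ID) + der(0x03, b"\x00" + RSA_PUBKEY))

# Constructed P-256 SPKI: the BIT STRING wraps only the uncompressed point 04 || X || Y.
EC_POINT = b"\x04" + bytes(range(1, 65))
EC_SPKI = der(0x30, der(0x30, EC_PUBKEY_OID + P256_OID) + der(0x03, b"\x00" + EC_POINT))
```

For RSA, hashing the stored RSAPublicKey structure yields the same value OCSP expects; for EC, any stored form that also covers the curve identifier (the AlgorithmIdentifier) hashes differently from the point alone, which is why the hash has to be taken from the BIT STRING contents while the certificate is being parsed.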