Make OCSP response verification more flexible.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 24 Mar 2015 12:12:49 +0000 (12:12 +0000)
commit4ca5efc2874e094d6382b30416824eda6dde52fe
tree4aaae06a4d179aa6d9328f801eacbdffd859caeb
parent86d20cb6fd3267a603a3e4ec549ef1113c13a374
Make OCSP response verification more flexible.

If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/ocsp/ocsp_vfy.c