ocsp: remove TODOs

author Pauli <pauli@openssl.org>

Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)

committer Pauli <pauli@openssl.org>

Wed, 2 Jun 2021 06:30:15 +0000 (16:30 +1000)
author Pauli <pauli@openssl.org>
Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)
committer Pauli <pauli@openssl.org>
Wed, 2 Jun 2021 06:30:15 +0000 (16:30 +1000)
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c

index 5e829fa97278055789c672cb11b9101ff97577c9..7a4a45d537db02e12a8e847335da2524067d5a21 100644 (file)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -51,12 +51,11 @@ static int ocsp_verify_signer(X509 *signer, int response,
              && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0)
          /*
           * Locally disable revocation status checking for OCSP responder cert.
-         * Done here for CRLs; TODO should be done also for OCSP-based checks.
+         * Done here for CRLs; should be done also for OCSP-based checks.
           */
          X509_VERIFY_PARAM_clear_flags(vp, X509_V_FLAG_CRL_CHECK);
      X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
      X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
-    /* TODO: why is X509_TRUST_OCSP_REQUEST set? Seems to get ignored. */
  
      ret = X509_verify_cert(ctx);
      if (ret <= 0) {
author	Pauli <pauli@openssl.org>
	Mon, 31 May 2021 04:29:34 +0000 (14:29 +1000)
committer	Pauli <pauli@openssl.org>
	Wed, 2 Jun 2021 06:30:15 +0000 (16:30 +1000)