In ocsp_match_issuerid() we are passed the CA that signed the responder
authorDr. Stephen Henson <steve@openssl.org>
Wed, 11 Jul 2001 22:42:20 +0000 (22:42 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 11 Jul 2001 22:42:20 +0000 (22:42 +0000)
certificate so need to match its subject with the certificate IDs in the
response.

crypto/ocsp/ocsp_vfy.c

index be399a3..43b62a8 100644 (file)
@@ -305,7 +305,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                if ((cid->issuerNameHash->length != mdlen) ||
                   (cid->issuerKeyHash->length != mdlen))
                        return 0;
-               iname = X509_get_issuer_name(cert);
+               iname = X509_get_subject_name(cert);
                if (!X509_NAME_digest(iname, dgst, md, NULL))
                        return -1;
                if (memcmp(md, cid->issuerNameHash->data, mdlen))