projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
339a182
)
Handle non-SHA1 digests for certids in OCSP test responder.
author
Dr. Stephen Henson
<steve@openssl.org>
Fri, 14 Dec 2007 12:43:50 +0000
(12:43 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Fri, 14 Dec 2007 12:43:50 +0000
(12:43 +0000)
apps/ocsp.c
patch
|
blob
|
history
diff --git
a/apps/ocsp.c
b/apps/ocsp.c
index 856bead88a6e1cb10212bd58e88d763d68d11400..c9e7443ca16f098f47bcac2c56028d4994f20988 100644
(file)
--- a/
apps/ocsp.c
+++ b/
apps/ocsp.c
@@
-1029,7
+1029,6
@@
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
goto end;
}
goto end;
}
- ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
@@
-1042,8
+1041,23
@@
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
OCSP_ONEREQ *one;
ASN1_INTEGER *serial;
char **inf;
OCSP_ONEREQ *one;
ASN1_INTEGER *serial;
char **inf;
+ ASN1_OBJECT *cert_id_md_oid;
+ const EVP_MD *cert_id_md;
one = OCSP_request_onereq_get0(req, i);
cid = OCSP_onereq_get0_id(one);
one = OCSP_request_onereq_get0(req, i);
cid = OCSP_onereq_get0_id(one);
+
+ OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid);
+
+ cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
+ if (! cert_id_md)
+ {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+ NULL);
+ goto end;
+ }
+ if (ca_id) OCSP_CERTID_free(ca_id);
+ ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
+
/* Is this request about our CA? */
if (OCSP_id_issuer_cmp(ca_id, cid))
{
/* Is this request about our CA? */
if (OCSP_id_issuer_cmp(ca_id, cid))
{