Hello!

I have been using openssl to get OCSP status for a certificate and I ran across 
an interesting case.


OCSP responses do not seem to include the intermediate certificates so they 
have to be acquired in other ways. I have been doing this and adding them to 
the certificate stack handed to OCSP_basic_verify().


However, I have noticed that these certificates are not used in creating a 
certificate chain back to a root CA because they are not added to the 
X509_STORE_CTX that is sent to X509_verify_cert() and 
X509_STORE_CTX_get1_chain().


I am relatively new to this so I may be incorrect; however, it seems to me that 
the certificates in the cert argument should be added to the X509_STORE_CTX.


What are your thoughts?


Thanks,

Greg


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4620
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
