Dear developers (especially Max), Attached is a patch for OCSP in openca branch 0.9.2.
1. It adds compatibility with OpenSSL-0.9.7/OpenSSL-0.9.8 by bruteconditional pre-processing in the file src/ocspd/src/config.h.in. Idea is that
OpenSSL-0.9.8 can only compile at ANSI-compatible compilers,while OpenSSL-0.9.7 can still cope without ANSI. With proposed idea we provide support for both cases.
2. UTF8 support. > For UTF8 specific support I am not sure if this is > really a problem as > the "hash shall be calculated over the DER > encoding of the issuer's name > field in the certificate being checked..." > therefore no specific code should > be used there. > Best Regards, Massimiliano Pala Yes. But once we get/put a human name (which could be in UTF8) from/to a database, we need to process it according to OpenSSL rules for handling UTF8 data. In this case, we substitute a call for X509_NAME_oneline() with a call to X509_NAME_print_ex() as OpenSSL-0.9.8 recommends.We also follow their advice to handle BIO object as having arbitrary size and nature.
Hence a new code looks a bit longer. 3. Checked to compile on FreeBSD-5.4.Both OpenSSL-0.9.8 compatibility and UTF8 support are added with just general considerations. Not functionally tested. Please let me know of any problems.
All the best, Sergei
patch_for_ocspd.tgz
Description: Binary data
