Hi, >From the code: http://cvs.openssl.org/fileview?f=openssl/crypto/ocsp/ocsp_cl.c&v=1.5.4.1
Can the 'sig' be removed as far as it is not used anywhere ? if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; (also sig declaration removal) I do not see any reason for keeping that there. Please englighten me if I am mistaken about it and thank you in advance ! :-) Best Regards, Laszlo Papp
--- ../tmp/openssl-SNAP-20110407/crypto/ocsp/ocsp_cl.c 2007-12-04 15:00:20.000000000 +0200 +++ crypto/ocsp/ocsp_cl.c 2011-04-07 17:05:33.713336268 +0300 @@ -148,13 +148,12 @@ unsigned long flags) { int i; - OCSP_SIGNATURE *sig; X509 *x; if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) goto err; - if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; + if (!(req->optionalSignature = OCSP_SIGNATURE_new())) goto err; if (key) { if (!X509_check_private_key(signer, key))