Hi,all
I am studying using OpenSSL to verify an OCSP response
signed by a delegated signer.
I know , there should be OCSPSigning OID in the certificate of the
delegated OCSP response signer.
But , how can I judge it from the X509 structure?
That is to say , when I get the X509 struct of the delegated signer
certificate, how can I judge this certificate has been delegated to sign the
ocsp response by the issuer?
I have found the function ocsp_check_delegated() , maybe I can use
it.
But I do not understand why it does so.
Can anyone kindly explain something to me?
Thank a lot
wjw |