On Fri, May 12, 2006, John Pattern wrote: > Two questions: > > 1. Why OCSP_cert_to_id requires two certificates? Basically it should > require only the certificate to be checked to construct an OCSP > request, right? >
The certificate identifier needs the issuerNameHash, issuerKeyHash and serialNumber of the target certificate. The issuerKeyHash needs the public key of the issuing certificate which isn't part of the certificate being checked. > 2. When OCSP_basic_verify returns 0 does that mean a success or > failure? > Failure. The error queue will give details of the reason. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
