On 05-01-16 21:23, rosect...@yahoo.com wrote:
> Hi, I am using OCSP_response_status(..) to check the OCSP result. My
> openssl is of version 1.0.1h.
>
> It is noticed that if the response has some issue, for example, the ocsp
> server can not be contacted and thus the request is timed out (this can
> be handled separately.) or if the Responder URL path is not correct, the
> call to OCSP_response_status(..) will generate a Segmentation fault.

If you pass incorrect data to OCSP_response_status(), things may go wrong. So don't do that, then :-)

Instead, the HTTP library which you use should be able to inform you if the HTTP request failed for some reason. When it does, don't call OCSP_response_status()...

(also, make sure to call OCSP_basic_verify() before accepting the result of OCSP_response_status() at face value, because the latter checks the signature while the former does not).

--
Wouter Verhelst