On Tue, Mar 24, 2015 at 01:19:31PM +0100, Stephen Henson via RT wrote:
On Fri Mar 20 13:20:07 2015, alessan...@ghedini.me wrote:
Months have passed and I haven't received a reply yet (even worse, the
recent
obfuscation of the OCSP structures in 6ef869d7d0a9d made it impossible
to
OK thanks for confirming that. Ticket resolved.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-dev mailing list
To unsubscribe:
On Fri Mar 20 13:20:07 2015, alessan...@ghedini.me wrote:
Months have passed and I haven't received a reply yet (even worse, the
recent
obfuscation of the OCSP structures in 6ef869d7d0a9d made it impossible
to
workaround the issue as curl has been doing [0]), so I thought I'd add
some more
On mar, gen 20, 2015 at 02:31:14 +0100, Alessandro Ghedini wrote:
Currently the OCSP_basic_verify() function fails with many apparently valid
OCSP
responses (e.g. all those sent by Cloudflare servers). Other libraries
(GnuTLS,
NSS) have no problem with them.
Essentially, in
On mar, gen 20, 2015 at 02:31:14 +0100, Alessandro Ghedini wrote:
Currently the OCSP_basic_verify() function fails with many apparently valid
OCSP
responses (e.g. all those sent by Cloudflare servers). Other libraries
(GnuTLS,
NSS) have no problem with them.
Essentially, in
On mar, gen 20, 2015 at 02:31:14 +0100, Alessandro Ghedini wrote:
Currently the OCSP_basic_verify() function fails with many apparently valid
OCSP
responses (e.g. all those sent by Cloudflare servers). Other libraries
(GnuTLS,
NSS) have no problem with them.
Essentially, in
On mar, gen 20, 2015 at 02:31:14 +0100, Alessandro Ghedini wrote:
Currently the OCSP_basic_verify() function fails with many apparently valid
OCSP
responses (e.g. all those sent by Cloudflare servers). Other libraries
(GnuTLS,
NSS) have no problem with them.
Essentially, in
Currently the OCSP_basic_verify() function fails with many apparently valid OCSP
responses (e.g. all those sent by Cloudflare servers). Other libraries (GnuTLS,
NSS) have no problem with them.
Essentially, in crypto/ocsp/ocsp_vfy.c in the OCSP_basic_verify() function, the
X509_STORE_CTX_init()