CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/04/07 07:02:50
Modified files:
lib/libcrypto/ocsp: ocsp_vfy.c
Log message:
Refactor and fix ocsp_find_signer_sk()
Instead of reaching deep inside the OCSP_BASICRESP and ignoring its
semantics and then try to untangle things in ocsp_find_signer_sk(),
pass the OCSP_BASICRESP and use OCSP_resp_get0_id() which has the
logic built in. Avoids a crash if you call OCSP_basic_verify() after
OCSP_BASICRESP_new() without OCSP_basic_sign(). This cannot happen on
a deserialized OCSP object.
Prompted by a report by Kamil Frankowicz, Jan Kaminski, Bartosz Michalowski.
ok jsing
