> OCSP responses do not seem to include the intermediate certificates so they > have to be acquired in other ways. I have been doing this and adding them > to the certificate stack handed to OCSP_basic_verify().
Perhaps adding them to X509_STORE or STORE_CTX directly? > I am relatively new to this so I may be incorrect; however, it seems to me > that the certificates in the cert argument should be added to the > X509_STORE_CTX. If you need to add certificates to validate a chain, it seems safer to explicitly add them to the store, not implicitly. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4620 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev