Hi guys,
I had to look in depth at the ocsp stuff of openssl and some
questions arose. Well, in ocsp.c I don't get why, after
trying OCSP_basic_verify(bs, verify_other, store,
verify_flags) and the result is negative, openssl tries to
verify the signer's certificate again, but without the
stack of certs (which are to be verified) and with all flags set to
zero. I really don't understand this piece of code :(

Another question bothering me is about what is written in the ocsp
documentation. This is done when all other verification
checks failed:
"
Otherwise the root CA of the OCSP responders CA is checked
to see if it is trusted for OCSP signing. If it is the OCSP
verify succeeds.
"

My question is whether this check is openssl-specific or is
RFC-based, because I've been searching for it in RFC2560
with no success.

Any comments are welcome :)
Stefan





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
