Fix an OCSP response decoding bug, we were not decoding KeyID properly. - botan.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	lloyd <[email protected]>	2014-04-05 13:13:17 +0000
committer	lloyd <[email protected]>	2014-04-05 13:13:17 +0000
commit	aa3af43218106e184398f667f82110bb069abf8a (patch)
tree	cc602bc3e58a7b8fb364b3f31d373234c12459fb /doc/relnotes/0_7_6.rst
parent	c286fc7584039edc117f2f25c1fca1d1903b79d3 (diff)

Fix an OCSP response decoding bug, we were not decoding KeyID properly.

Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy.

Diffstat (limited to 'doc/relnotes/0_7_6.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: