diff options
author | lloyd <[email protected]> | 2014-04-05 13:13:17 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-04-05 13:13:17 +0000 |
commit | aa3af43218106e184398f667f82110bb069abf8a (patch) | |
tree | cc602bc3e58a7b8fb364b3f31d373234c12459fb /doc/relnotes/0_8_3.rst | |
parent | c286fc7584039edc117f2f25c1fca1d1903b79d3 (diff) |
Fix an OCSP response decoding bug, we were not decoding KeyID properly.
Also prioritize checking the status code before the dates, as
otherwise an attacker could substitue a valid but expired response
which marked the cert as revoked and we would still just return
OCSP_EXPIRED. Obviously they can still play this game with an old
(valid) OCSP response, but no point making it easy.
Diffstat (limited to 'doc/relnotes/0_8_3.rst')
0 files changed, 0 insertions, 0 deletions