[crypto] Accept OCSP responses containing multiple certificates - openslx-ng/ipxe.git - Fork of ipxe; additional commands and features

diff options

author	Michael Brown	2013-05-29 17:41:58 +0200
committer	Michael Brown	2013-05-29 17:41:58 +0200
commit	0036fdd5c5a232662d07c6d1310241f4c5b6ab83 (patch)
tree	c6381916694335b7b483251e09ed39678031d9e3 /src/include/byteswap.h
parent	[realtek] Fix reopening of legacy-mode 8139 NIC (diff)
download	ipxe-0036fdd5c5a232662d07c6d1310241f4c5b6ab83.tar.gz ipxe-0036fdd5c5a232662d07c6d1310241f4c5b6ab83.tar.xz ipxe-0036fdd5c5a232662d07c6d1310241f4c5b6ab83.zip

[crypto] Accept OCSP responses containing multiple certificates

RFC2560 mandates that a valid OCSP response will contain exactly one relevant certificate. However, some OCSP responders include extraneous certificates. iPXE currently assumes that the first certificate in the OCSP response is the relevant certificate; OCSP checks will therefore fail if the responder includes the extraneous certificates before the relevant certificate. Fix by using the responder ID to identify the relevant certificate. Reported-by: Christian Stroehmeier <stroemi@mail.uni-paderborn.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>

Diffstat (limited to 'src/include/byteswap.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: