mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

ocsp: remove TODOs

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
This commit is contained in:
Pauli 2021-05-31 14:29:34 +10:00
parent 29cfba8599
commit 126e37716f
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/ocsp/ocsp_vfy.c
View File

@ -51,12 +51,11 @@ static int ocsp_verify_signer(X509 *signer, int response,
&& X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0)
/*
* Locally disable revocation status checking for OCSP responder cert.
* Done here for CRLs; TODO should be done also for OCSP-based checks.
* Done here for CRLs; should be done also for OCSP-based checks.
*/
X509_VERIFY_PARAM_clear_flags(vp, X509_V_FLAG_CRL_CHECK);
X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
/* TODO: why is X509_TRUST_OCSP_REQUEST set? Seems to get ignored. */
ret = X509_verify_cert(ctx);
if (ret <= 0) {