Google Git
Sign in
qemu / ipxe / 6e92d6213d20329d8b84431f00d8cbe7d63bb379
commit6e92d6213d20329d8b84431f00d8cbe7d63bb379[log] [tgz]
authorMichael Brown <mcb30@ipxe.org>Tue Dec 08 14:39:33 2020 +0000
committerMichael Brown <mcb30@ipxe.org>Tue Dec 08 15:04:28 2020 +0000
tree330cacc0a8b25b8e3902d567e5f8f782be2ecaab
parentbe47c2c72cd3cdecc146eca5a200d454643bcf06 [diff]
[ocsp] Remove dummy OCSP certificate root

OCSP currently calls x509_validate() with an empty root certificate
list, on the basis that the OCSP signer certificate (if existent) must
be signed directly by the issuer certificate.

Using an empty root certificate list is not required to achieve this
goal, since x509_validate() already accepts an explicit issuer
certificate parameter.  The explicit empty root certificate list
merely prevents the signer certificate from being evaluated as a
potential trusted root certificate.

Remove the dummy OCSP root certificate list and use the default root
certificate list when calling x509_validate().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
1 file changed
tree: 330cacc0a8b25b8e3902d567e5f8f782be2ecaab
  1. contrib/
  2. src/
  3. .travis.yml
  4. COPYING
  5. COPYING.GPLv2
  6. COPYING.UBDL
  7. README