OCSP callback should use the verified peer certificate chain to find the cert issuer

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.13, 4.1, 4.0.2
    • Affects Version/s: 3.11
    • Component/s: TLS/SSL
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Our OCSP callback should use the verified peer certificate chain to find the cert issuer. It currently uses the "raw" peer certificate chain sent by the server. This requires a new PyOpenSSL feature to allow inspecting the verified peer cert chain. I've implemented this in:
      https://github.com/pyca/pyopenssl/pull/894

              Assignee:
              Shane Harvey
              Reporter:
              Shane Harvey
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: