OCSP callback should use the verified peer certificate chain to find the cert issuer

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.13, 4.1, 4.0.2
    • Affects Version/s: 3.11
    • Component/s: TLS/SSL
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Our OCSP callback should use the verified peer certificate chain to find the cert issuer. It currently uses the "raw" peer certificate chain sent by the server. This requires a new PyOpenSSL feature to allow inspecting the verified peer cert chain. I've implemented this in:
      https://github.com/pyca/pyopenssl/pull/894

            Assignee:
            Shane Harvey
            Reporter:
            Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: