Re: [Pki-devel] [PATCH] 0051 Lightweight CAs: lookup correct issuer for OCSP responses

Hi all, The attached patch makes sure that the right authority is used to create OCSP responses. Note that OCSP requests may ask about certs from more than one issuer - even though this is crazy the heuristic used is to simply use issuer of the first CertID in the request. Note that OCSP response validation of certificates issued by sub-CAs currently fails due to a separate issue[1]. [1] https://fedorahosted.org/pki/ticket/1632 _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel