curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: OCSP and intermediate certs, libressl workaround no longer needed

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 13 Jun 2017 12:11:28 +0200 (CEST)

On Tue, 13 Jun 2017, Stuart Henderson via curl-library wrote:

> lib/vtls/openssl.c has a workaround for a bug with OCSP responses
> signed by intermediate certs, this was fixed in LibreSSL in
> https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0
>
> Would it be appropriate to adjust the #ifdef to avoid the workaround?

It looks fine to me. I take it you've tested this code with a new enough
libressl version and seen it working too?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2017-06-13