Hi all,
   
I have a 4-level certificate tree.
 
ca0--ca1--ca2--cert
 
I put ca0 and ca1 in the X509_STORE,
and put ca2 in the STACK_OF(X509).
 
When I send the OCSP request to ca2, with the cert in question, I can get the OCSP response, which is signed by the delegated signer D1.
D1 is signed by ca2.
D1's certificate is attached to the OCSP response.
 
I think that, because the store does not contain the whole certificate chain needed to verify D1's certificate,
the function OCSP_basic_verify() will not return 1 in the default case.
 
I would like to know in what case I can have this situation verified by OCSP_basic_verify().
Or maybe I should change the original program?
 
Thanks,
 
wjw
 
 
