"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
On Fri, May 12, 2006, John Pattern wrote:
> Two questions:
>
> 1. Why OCSP_cert_to_id requires two certificates? Basically it should
> require only the certificate to be checked to construct an OCSP
> request, right?
>
The certificate identifier needs the issuerNameHash, issuerKeyHash and
serialNumber of the target certificate. The issuerKeyHash needs the public key
of the issuing certificate which isn't part of the certificate being checked.
> 2. When OCSP_basic_verify returns 0 does that mean a success or
> failure?
>
Failure. The error queue will give details of the reason.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Get amazing travel prices for air and hotel in one click on Yahoo! FareChase
