Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-121417

OCSP stapling with incomplete chains fails verification

    XMLWordPrintable

Details

    • All

    Description

      CertID, found in OCSP basic response, contains: hash algorithm, issuer's name hashed, issuer's public key hashed, serial number for certificate. Out of this components public key can be missing if a server mis-configured and only sends leaf certificate. In this case, we won't be able to regenerate CertID for comparison and fail the verification, which otherwise can be successful (e.g. on Windows, there the chain can be correctly built).

      Attachments

        For Gerrit Dashboard: QTBUG-121417
        # Subject Branch Project Status CR V
        533009,7 OCSP: do not report CertID unknown error dev qt/qtbase Status: NEW 0 0

        Activity

          People

            tpochep Timur Pocheptsov
            tpochep Timur Pocheptsov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There is 1 open Gerrit change