Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-121417

OCSP stapling with incomplete chains fails verification

XMLWordPrintable

    • All

      CertID, found in OCSP basic response, contains: hash algorithm, issuer's name hashed, issuer's public key hashed, serial number for certificate. Out of this components public key can be missing if a server mis-configured and only sends leaf certificate. In this case, we won't be able to regenerate CertID for comparison and fail the verification, which otherwise can be successful (e.g. on Windows, there the chain can be correctly built).

        For Gerrit Dashboard: QTBUG-121417
        # Subject Branch Project Status CR V

            tpochep Timur Pocheptsov
            tpochep Timur Pocheptsov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:

                There is 1 open Gerrit change