Details
-
Bug
-
Resolution: Unresolved
-
P2: Important
-
None
-
6.7
Description
CertID, found in OCSP basic response, contains: hash algorithm, issuer's name hashed, issuer's public key hashed, serial number for certificate. Out of this components public key can be missing if a server mis-configured and only sends leaf certificate. In this case, we won't be able to regenerate CertID for comparison and fail the verification, which otherwise can be successful (e.g. on Windows, there the chain can be correctly built).
Attachments
Gerrit Reviews
For Gerrit Dashboard: QTBUG-121417 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
533009,7 | OCSP: do not report CertID unknown error | dev | qt/qtbase | Status: NEW | 0 | 0 |