OCSP_basic_verify()

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

OCSP_basic_verify()

Steffen Fiksdal
Hi!

What return code(s) from OCSP_basic_verify() signals that the
verification process went ok, regardless of any flags set ?



Best Regards
Steffen Fiksdal


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OCSP_basic_verify()

Dr. Stephen Henson
On Tue, Oct 25, 2005, Steffen Fiksdal wrote:

> Hi!
>
> What return code(s) from OCSP_basic_verify() signals that the
> verification process went ok, regardless of any flags set ?
>

Anything >0 though at present it will only return 1 for success.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OCSP_basic_verify()

Steffen Fiksdal

> On Tue, Oct 25, 2005, Steffen Fiksdal wrote:
>
>> Hi!
>>
>> What return code(s) from OCSP_basic_verify() signals that the
>> verification process went ok, regardless of any flags set ?
>>
>
> Anything >0 though at present it will only return 1 for success.

I see in the function that if ocsp_check_issuer() returns !=0,
the explicit trust will never be checked.

When ocsp_check_issuer returns 0 (uncritical fail), then the explicit
trust will be checked.

Can you please explain the logic for me, I am kind of confused about this
function :-)

Best Regards
Steffen
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]