[ssh_x509] OCSP validation request to all the certificate in chain except root CA certificate

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Apr 27 22:02:21 EEST 2020


Hi Roumen,
While browsing through the code, I found following comment in x509store.c

/* To minimize network latency and keeping in mind 1.) we send
 * 'OCSP request' only for the last certificate in the chain, i.e.
 * sended client or server certificate.
 *
 * Therefore instead to send OCSP request in ssh_x509revoked_cb()
 * we do this here.
 */
ret = ssh_ocsp_validate(_cert, x509store);

Would you be able to help me in getting the changes so that OCSP request
can be sent for all the certificates in the chain except root CA
certificate ?

Thanks in advance,
Mohit Gupta


More information about the ssh_x509 mailing list