Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accept stapled OCSP responses that use SHA-256 in CertID #2589

Merged
merged 1 commit into from
Oct 17, 2024
Merged

Accept stapled OCSP responses that use SHA-256 in CertID #2589

merged 1 commit into from
Oct 17, 2024

Conversation

dcooper16
Copy link
Contributor

Describe your changes

This PR fixes #2576 by modifying check_revocation_ocsp() to check the revocation status of a certificate in a stapled OCSP response whether the response uses SHA-1 or SHA-256 in CertID.

What is your pull request about?

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Typo fix
  • Documentation update
  • Update of other files

If it's a code change please check the boxes which are applicable

  • For the main program: My edits contain no tabs and the indentation is five spaces
  • I've read CONTRIBUTING.md and Coding_Convention.md
  • I have tested this fix against >=2 hosts and I couldn't spot a problem
  • I have tested this new feature against >=2 hosts which show this feature and >=2 host which does not (in order to avoid side effects) . I couldn't spot a problem
  • For the new feature I have made corresponding changes to the documentation and / or to help()
  • If it's a bigger change: I added myself to CREDITS.md (alphabetical order) and the change to CHANGELOG.md

@dcooper16
Accept stapled OCSP responses that use SHA-256 in CertID
1f37a84 
This commit modifies check_revocation_ocsp() to check the revocation status of a certificate in a stapled OCSP response whether the response uses SHA-1 or SHA-256 in CertID.
@dcooper16 dcooper16 mentioned this pull request Oct 16, 2024
Closed
@drwetter drwetter merged commit 6452ec9 into drwetter:3.2 Oct 17, 2024
2 checks passed
@drwetter
Copy link
Owner

Looks good, thank you @dcooper16 !

@dcooper16 dcooper16 deleted the sha256_stapled_ocsp branch October 17, 2024 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG / possible BUG] Handling of OCSP stapled responses using sha256 hash algorithm?
2 participants
@dcooper16 @drwetter