Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

Open
nhooyr opened this issue Oct 19, 2017 · 1 comment
Open

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

nhooyr opened this issue Oct 19, 2017 · 1 comment
Milestone
Unreleased

Comments

@nhooyr
Copy link
Contributor

nhooyr commented Oct 19, 2017

The docs on ocsp.CreateResponse state that:

// The responder cert is used to populate the responder's name field, and the
// certificate itself is provided alongside the OCSP response signature.

But in the code, the responder cert is only used to populate the rawResponderID.

The certificate provided with the OCSP response signature seem to come from template.Certificate instead of the responder cert.

Is this an error in the docs/code or am I missing something?
@gopherbot gopherbot added this to the Unreleased milestone Oct 19, 2017
@nhooyr nhooyr changed the title x/crypto/ocsp: how is the responder cert provided along with the OCSP response signature? x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature Oct 19, 2017
@kreichgauer
Copy link
Contributor

That does look like a bug to me. Perhaps we'd want to use responderCert if template.Cert is nil? /cc @agl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@kreichgauer @gopherbot @nhooyr