CA certificates are allowed to sign OCSP responsed without OCSP_SIGNER flag
This commit is contained in:
parent
48acfe98ae
commit
ca7663ece6
|
@ -680,7 +680,8 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer,
|
|||
return FALSE;
|
||||
}
|
||||
}
|
||||
if (!(x509->get_flags(x509) & X509_OCSP_SIGNER))
|
||||
if (!(x509->get_flags(x509) & X509_OCSP_SIGNER) &&
|
||||
!(x509->get_flags(x509) & X509_CA))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue