Fix ASN1_TIME_to_generlizedtime().

Add protoype for OCSP_response_create(). Add OCSP_request_sign() and OCSP_basic_sign() private key and certificate checks and make OCSP_NOCERTS consistent with PKCS7_NOCERTS
author: Dr. Stephen Henson <steve@openssl.org> 2001-02-04 03:04:43 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2001-02-04 03:04:43 +0000
commit: 2b916952a8de5b1197169801925dad74aa3360cd (patch)
tree: 3da79abd19c83d3b089374ec34a048bf1711a55e /crypto/ocsp/ocsp_srv.c
parent: 02e4fbed3d256f4f1fffff84f307a336b50fae1f (diff)
download: openssl-new-2b916952a8de5b1197169801925dad74aa3360cd.tar.gz
1 files changed, 12 insertions, 4 deletions
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index b83992896f..5743f9c754 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -206,14 +206,22 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
 	int i;
 	OCSP_RESPID *rid;
 
-	if(!(flags & OCSP_NOCERTS) && !OCSP_basic_add1_cert(brsp, signer))
+	if (!X509_check_private_key(signer, key))
+		{
+		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 		goto err;
+		}
 
-	for (i = 0; i < sk_X509_num(certs); i++)
+	if(!(flags & OCSP_NOCERTS))
 		{
-		X509 *tmpcert = sk_X509_value(certs, i);
-		if(!OCSP_basic_add1_cert(brsp, tmpcert))
+		if(!OCSP_basic_add1_cert(brsp, signer))
+			goto err;
+		for (i = 0; i < sk_X509_num(certs); i++)
+			{
+			X509 *tmpcert = sk_X509_value(certs, i);
+			if(!OCSP_basic_add1_cert(brsp, tmpcert))
 				goto err;
+			}
 		}
 
 	rid = brsp->tbsResponseData->responderId;
author	Dr. Stephen Henson <steve@openssl.org>	2001-02-04 03:04:43 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2001-02-04 03:04:43 +0000
commit	2b916952a8de5b1197169801925dad74aa3360cd (patch)
tree	3da79abd19c83d3b089374ec34a048bf1711a55e /crypto/ocsp/ocsp_srv.c
parent	02e4fbed3d256f4f1fffff84f307a336b50fae1f (diff)
download	openssl-new-2b916952a8de5b1197169801925dad74aa3360cd.tar.gz