OCSP digest support for SHA-256 #2854

@samuel40791765

Problem:

SHA1 seems to be the only OCSP digest supported by s2n: https://github.com/aws/s2n-tls/blob/main/tls/s2n_x509_validator.c#L473-L478
However, the support for SHA1 in OCSP is a bit outdated. The latest OCSP RFC states that it's mandatory for clients that request OCSP services to be able to process responses signed using SHA-256.

Proposed Solution:

Update OCSP digest support to handle SHA-256.
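
The check the issue asks for, sketched as an added example (not s2n-tls code and not from the issue author): pick the digest from the OCSP response's signature AlgorithmIdentifier instead of accepting SHA-1 only, and fail closed on anything unrecognized. All names are hypothetical, the sample bytes are constructed, and only short-form DER lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names for this example; none are s2n-tls identifiers. */
typedef enum { DIGEST_UNSUPPORTED = 0, DIGEST_SHA1, DIGEST_SHA256 } ocsp_digest;
struct sig_alg { const uint8_t *oid; size_t len; ocsp_digest digest; };

/* DER content octets of the signature algorithm OIDs. */
static const uint8_t OID_SHA1_RSA[]     = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05}; /* 1.2.840.113549.1.1.5  */
static const uint8_t OID_SHA256_RSA[]   = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b}; /* 1.2.840.113549.1.1.11 */
static const uint8_t OID_SHA256_ECDSA[] = {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02};      /* 1.2.840.10045.4.3.2   */

static const struct sig_alg SUPPORTED[] = {
    {OID_SHA1_RSA,     sizeof(OID_SHA1_RSA),     DIGEST_SHA1},
    {OID_SHA256_RSA,   sizeof(OID_SHA256_RSA),   DIGEST_SHA256},
    {OID_SHA256_ECDSA, sizeof(OID_SHA256_ECDSA), DIGEST_SHA256},
};

/* Constructed sample inputs: AlgorithmIdentifier ::= SEQUENCE { OID, params }. */
static const uint8_t SAMPLE_SHA256_RSA[] = {0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
                                            0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00};
static const uint8_t SAMPLE_SHA256_ECDSA[] = {0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,
                                              0x3d,0x04,0x03,0x02};

/* Map a DER AlgorithmIdentifier to the digest used to verify the response.
 * Malformed, truncated, or unknown input returns DIGEST_UNSUPPORTED. */
ocsp_digest ocsp_sig_digest(const uint8_t *der, size_t len)
{
    if (der == NULL || len < 4 || der[0] != 0x30 || der[1] >= 0x80) return DIGEST_UNSUPPORTED;
    size_t seq_len = der[1];
    if (seq_len != len - 2) return DIGEST_UNSUPPORTED;          /* length must match the buffer */
    if (der[2] != 0x06 || der[3] >= 0x80) return DIGEST_UNSUPPORTED;
    size_t oid_len = der[3];
    if (oid_len == 0 || oid_len > seq_len - 2) return DIGEST_UNSUPPORTED; /* OID must fit in the SEQUENCE */
    for (size_t i = 0; i < sizeof(SUPPORTED) / sizeof(SUPPORTED[0]); i++) {
        if (SUPPORTED[i].len == oid_len && memcmp(der + 4, SUPPORTED[i].oid, oid_len) == 0) {
            return SUPPORTED[i].digest;
        }
    }
    return DIGEST_UNSUPPORTED;
}

int main(void)
{
    /* Exit status 0 when both SHA-256 samples are accepted. */
    return !(ocsp_sig_digest(SAMPLE_SHA256_RSA, sizeof(SAMPLE_SHA256_RSA)) == DIGEST_SHA256
          && ocsp_sig_digest(SAMPLE_SHA256_ECDSA, sizeof(SAMPLE_SHA256_ECDSA)) == DIGEST_SHA256);
}
```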
