x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

nhooyr · 2017-10-19T02:10:33Z

The docs on ocsp.CreateResponse state that:

// The responder cert is used to populate the responder's name field, and the
// certificate itself is provided alongside the OCSP response signature.

But in the code, the responder cert is only used to populate the rawResponderID.

The certificate provided with the OCSP response signature seem to come from template.Certificate instead of the responder cert.

Is this an error in the docs/code or am I missing something?

kreichgauer · 2017-10-19T17:52:39Z

That does look like a bug to me. Perhaps we'd want to use responderCert if template.Cert is nil? /cc @agl

gopherbot added this to the Unreleased milestone Oct 19, 2017

nhooyr changed the title ~~x/crypto/ocsp: how is the responder cert provided along with the OCSP response signature?~~ x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature Oct 19, 2017

golang / go

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

nhooyr commented Oct 19, 2017

kreichgauer commented Oct 19, 2017

golang / go

Join GitHub today

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

Comments

nhooyr commented Oct 19, 2017

kreichgauer commented Oct 19, 2017