Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

Open
nhooyr opened this issue Oct 19, 2017 · 1 comment
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone

Comments

@nhooyr
Copy link
Contributor

nhooyr commented Oct 19, 2017

The docs on ocsp.CreateResponse state that:

// The responder cert is used to populate the responder's name field, and the
// certificate itself is provided alongside the OCSP response signature.

But in the code, the responder cert is only used to populate the rawResponderID.

The certificate provided with the OCSP response signature seem to come from template.Certificate instead of the responder cert.

Is this an error in the docs/code or am I missing something?

@gopherbot gopherbot added this to the Unreleased milestone Oct 19, 2017
@nhooyr nhooyr changed the title x/crypto/ocsp: how is the responder cert provided along with the OCSP response signature? x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature Oct 19, 2017
@kreichgauer
Copy link
Contributor

That does look like a bug to me. Perhaps we'd want to use responderCert if template.Cert is nil? /cc @agl

@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jul 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Development

No branches or pull requests

4 participants