Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature #22335

Open
nhooyr opened this issue Oct 19, 2017 · 1 comment

Comments

@nhooyr
Copy link
Contributor

commented Oct 19, 2017

The docs on ocsp.CreateResponse state that:

// The responder cert is used to populate the responder's name field, and the
// certificate itself is provided alongside the OCSP response signature.

But in the code, the responder cert is only used to populate the rawResponderID.

The certificate provided with the OCSP response signature seem to come from template.Certificate instead of the responder cert.

Is this an error in the docs/code or am I missing something?

@gopherbot gopherbot added this to the Unreleased milestone Oct 19, 2017

@nhooyr nhooyr changed the title x/crypto/ocsp: how is the responder cert provided along with the OCSP response signature? x/crypto/ocsp: the responder cert is not provided along with the OCSP response signature Oct 19, 2017

@kreichgauer

This comment has been minimized.

Copy link
Contributor

commented Oct 19, 2017

That does look like a bug to me. Perhaps we'd want to use responderCert if template.Cert is nil? /cc @agl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.