-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add two missing entries to the OCSP CRLReason table #21743
Conversation
Example behaviour without this PR:
Example behaviour with this PR:
|
Could you please submit a CLA? https://www.openssl.org/policies/cla.html |
Done. |
It seems it did not work. There needs to be an empty line between the first line of the message (subject line) and the rest of the message - this is a body of the message. |
OK with CLA: trivial |
Ah, sorry about that. Empty line added. |
This pull request is ready to merge |
Merged 1c8a7f5 Add two missing entries to the OCSP CRLReason table |
CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21743)
This PR adds two CRLReasons (privilegeWithdrawn and aACompromise) that are missing from
reason_tbl
inOCSP_crl_reason_str()
(crypto/ocsp/ocsp_prn.c) but present in https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.1.These two CRLReasons were absent in https://datatracker.ietf.org/doc/html/rfc2459#section-5.3.1 and X.509 (08/97), which is presumably why they were missing from ocsp_prn.c. Interestingly though, the corresponding #defines do already exist (in include/openssl/ocsp.h.in).
The use of reason codes in CRL entries and OCSP responses has increased amongst WebPKI CAs recently, and I'm aware of several people that have been confused by the missing privilegeWithdrawn entry (that this PR adds) when using "openssl ocsp" to print OCSP responses.