Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Verify delegated & CA signed OCSP correctly (#736)
Both ParseResponse and ParseResponseForCert in "golang.org/x/crypto/ocsp" do already verify the response and embedded certificates when present. Previous OCSP signature validation in this package was done incorrectly and would only be performed when ParseResponse would have verified the signature with no errors. By using ParseResponseForCert instead of ParseResponse also OCSP responses containing multiple answers can be handled successfully.
- Loading branch information