From 3a4edf75bd492313af507e0f11a62b0d81cd37a1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 22 Jun 2017 09:56:43 -0700 Subject: [PATCH] =?UTF-8?q?Rename=20the=20option=20to=20disable=20the=20ne?= =?UTF-8?q?w=20issuer=20sign=20check=20to=20=E2=80=98WOLFSSL=5FNO=5FOCSP?= =?UTF-8?q?=5FISSUER=5FCHECK`.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wolfcrypt/src/asn.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 64eb76b20..83a2c602c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -40,9 +40,8 @@ ASN Options: chain is not loaded. This only matches on subject and public key and does not perform a PKI validation, so it is not a secure solution. Only enabled for OCSP. - * WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN: Can be defined for backwards - compatibility to disable matching of OCSP signing authority for the - certificate in question. + * WOLFSSL_NO_OCSP_ISSUER_CHECK: Can be defined for backwards compatibility to + disable checking of OCSP subject hash with issuer hash. */ #ifndef NO_ASN @@ -10770,7 +10769,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, return ret; } -#ifndef WOLFSSL_NO_OCSP_EXTKEYUSE_OCSP_SIGN +#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if ((cert.extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { if (XMEMCMP(cert.subjectHash, resp->issuerHash, KEYID_SIZE) == 0) {