From dd329ac97b6eb2197900543cf31609eea0c09e4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Fri, 15 Jul 2016 17:12:04 -0300
Subject: [PATCH 1/2] fixes ocsp signer lookup in the cert manager.

---
 wolfcrypt/src/asn.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3cdab5c95..2f9abd58c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -9207,7 +9207,10 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         }
     }
     else {
-        Signer* ca = GetCA(cm, resp->issuerHash);
+        Signer* ca = GetCA(cm, resp->issuerKeyHash);
+
+        if (!ca)
+            ca = GetCA(cm, resp->issuerHash);
 
         if (!ca || !ConfirmSignature(resp->response, resp->responseSz,
                                      ca->publicKey, ca->pubKeySize, ca->keyOID,

From e866b55bb73f97c65fc42a659efe62481284a980 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Mon, 18 Jul 2016 22:02:41 -0300
Subject: [PATCH 2/2] removes fallback.

---
 wolfcrypt/src/asn.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 2f9abd58c..a79d13be7 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -9209,9 +9209,6 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     else {
         Signer* ca = GetCA(cm, resp->issuerKeyHash);
 
-        if (!ca)
-            ca = GetCA(cm, resp->issuerHash);
-
         if (!ca || !ConfirmSignature(resp->response, resp->responseSz,
                                      ca->publicKey, ca->pubKeySize, ca->keyOID,
                                   resp->sig, resp->sigSz, resp->sigOID, NULL)) {