david/ipxe
david/ipxe
Archived
1
0
Fork 0
Code
This repository has been archived on 2020-12-06. You can view files and clone it, but cannot push or open issues or pull requests.
78178608e9
ipxe/src/crypto
History
Michael Brown 0036fdd5c5 [crypto] Accept OCSP responses containing multiple certificates 
RFC2560 mandates that a valid OCSP response will contain exactly one
relevant certificate.  However, some OCSP responders include
extraneous certificates.  iPXE currently assumes that the first
certificate in the OCSP response is the relevant certificate; OCSP
checks will therefore fail if the responder includes the extraneous
certificates before the relevant certificate.

Fix by using the responder ID to identify the relevant certificate.

Reported-by: Christian Stroehmeier <stroemi@mail.uni-paderborn.de>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-05-29 16:41:58 +01:00
..
axtls [crypto] Remove obsolete AXTLS RSA algorithm 2012-03-18 14:47:16 +00:00
aes_wrap.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
arc4.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
asn1.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
axtls_aes.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
bigint.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
cbc.c [crypto] Allow in-place CBC decryption 2012-09-27 01:54:55 +01:00
chap.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
clientcert.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
cms.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
crc32.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
crypto_null.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
drbg.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
entropy.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
hash_df.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
hmac_drbg.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
hmac.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
md5.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
null_entropy.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
ocsp.c [crypto] Accept OCSP responses containing multiple certificates 2013-05-29 16:41:58 +01:00
random_nz.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
rbg.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
rootcert.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
rsa.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
sha1.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
sha1extra.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
sha256.c [legal] Update FSF mailing address in GPL licence texts 2012-07-20 19:55:45 +01:00
x509.c [crypto] Report meaningful error when certificate chain validation fails 2013-05-10 10:03:56 +01:00