Code review - Issue 11220043: code review 11220043: go.crypto/ocsp: pass in the issuing certificate.https://codereview.appspot.com/2013-07-29T19:32:26+00:00rietveld
Message from unknown
2013-07-12T16:00:57+00:00agl1urn:md5:188447c008e72131886ba0a1a9f40702
Message from unknown
2013-07-12T16:00:59+00:00agl1urn:md5:fb3cae95d3511350619ab76f80681674
Message from unknown
2013-07-12T16:02:55+00:00agl1urn:md5:98d87b9a85cf899b896b70d6b2a9709e
Message from khr@golang.org
2013-07-22T19:41:59+00:00khrurn:md5:77c0bd2f7b95b623e1bc77221a5e7ed0
Message from paul@vanbrouwershaven.com
2013-07-29T15:14:25+00:00Paul van Brouwershavenurn:md5:411f90e0ea86758817fc177c1fd9228b
I tested the OCSP lookup on every certificate in the chain for all major CA public facing websites without running into any issues. Also CA's that don't include a certificate in the OCSP response (the one that use the issuing certificate for signing the OCSP response) are working fine now.
Message from unknown
2013-07-29T19:32:14+00:00agl1urn:md5:02879c5ad1d3950cc544d846f69017cb
Message from agl@golang.org
2013-07-29T19:32:18+00:00agl1urn:md5:e23dbc3a438717112d60f9a1c07fe3a8
Hello golang-dev@googlegroups.com, dayveday@gmail.com, paul@vanbrouwershaven.com (cc: golang-dev@googlegroups.com),
I'd like you to review this change to
https://code.google.com/p/go.crypto/
Message from agl@golang.org
2013-07-29T19:32:26+00:00agl1urn:md5:96d809034b9bae9191c2b511f54275c8
*** Submitted as https://code.google.com/p/go/source/detail?r=9c36e9eca3b5&repo=crypto ***
go.crypto/ocsp: pass in the issuing certificate.
Paul van Brouwershaven pointed out that it would be better to pass in
the issuing certificate and have the verification be done in the OCSP
package than to expect the caller to deal with the difference between
responses with and without a responder certificate.
R=golang-dev, dayveday, paul
CC=golang-dev
https://codereview.appspot.com/11220043