summaryrefslogtreecommitdiff
path: root/lib/libcrypto/ocsp
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2024-08-28 06:27:20 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-08-28 06:27:20 +0000
commit097b911e3607c0fdfb5644bcbbcc6d8052efe730 (patch)
tree6f9648bc475dc706cfd18dd06bebb89681425400 /lib/libcrypto/ocsp
parent712d7d070e9da6eb7fe7e29bc078947db1b378fc (diff)
Add a comment to OCSP_id_issuer_cmp() to make blind use of X509_ALGOR_cmp()
less likely. ok jsing
Diffstat (limited to 'lib/libcrypto/ocsp')
-rw-r--r--lib/libcrypto/ocsp/ocsp_lib.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libcrypto/ocsp/ocsp_lib.c b/lib/libcrypto/ocsp/ocsp_lib.c
index 216af18fcd3..521fb67aed2 100644
--- a/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.27 2024/08/28 06:26:06 tb Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.28 2024/08/28 06:27:19 tb Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
@@ -157,6 +157,11 @@ OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
int ret;
+ /*
+ * XXX - should we really ignore parameters here? We probably need to
+ * consider omitted parameters and explicit ASN.1 NULL as equal for
+ * the SHAs, so don't blindly switch to X509_ALGOR_cmp().
+ */
ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
if (ret)
return ret;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 01:03:46 +0000