Home GnuPG
Diffusion GnuPG 5281ecbe3ae8

dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.

Description

dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.

* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
r_produced_at, and r_md.  Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo.  Print a diagnostic if the
signature does not verify.
  • GnuPG-bug-id: T3966
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on May 28 2019, 12:27 PM
Parents
rG582dee24185d: Prepare NEWS for the release
Branches
Unknown
Tags
Unknown
Tasks
T3966: Dirmngr: no suitable certificate found to verify the OCSP response