mirror of https://github.com/wolfSSL/wolfssl.git
added the hash of the issuer's public key to the decoded cert
parent
4d9fe4dafe
commit
81a6ed4577
|
@ -2183,6 +2183,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||
CYASSL_MSG("About to verify certificate signature");
|
||||
|
||||
if (ca) {
|
||||
#ifdef HAVE_OCSP
|
||||
/* Need the ca's public key hash for OCSP */
|
||||
{
|
||||
Sha sha;
|
||||
InitSha(&sha);
|
||||
ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
|
||||
ShaFinal(&sha, cert->issuerKeyHash);
|
||||
}
|
||||
#endif /* HAVE_OCSP */
|
||||
/* try to confirm/verify signature */
|
||||
if (!ConfirmSignature(cert, ca->publicKey,
|
||||
ca->pubKeySize, ca->keyOID)) {
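Review bot: `cert->issuerKeyHash` is written before `ConfirmSignature()` runs and only inside `if (ca)`, so after a failed signature check the cert still carries the key hash of a signer that did not vouch for it. When no signer is found, the field keeps whatever it held before. Moving the `#ifdef HAVE_OCSP` block to after the signature has been confirmed, and zeroing the field where the DecodedCert is initialised (that code is not on this page), would let OCSP code rely on the field only for a verified chain. If the order stays, a comment at the write such as `/* only meaningful when ParseCertRelative() reports success */` would make the contract explicit. The function starts and ends outside the hunk, so whether this path is skipped entirely when `verify` is 0 cannot be confirmed from here.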
|
||||
|
|
|
@ -207,6 +207,9 @@ struct DecodedCert {
|
|||
word32 keyOID; /* sum of key algo object id */
|
||||
byte subjectHash[SHA_SIZE]; /* hash of all Names */
|
||||
byte issuerHash[SHA_SIZE]; /* hash of all Names */
|
||||
#ifdef HAVE_OCSP
|
||||
byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */
|
||||
#endif /* HAVE_OCSP */
|
||||
byte* signature; /* not owned, points into raw cert */
|
||||
char* subjectCN; /* CommonName */
|
||||
int subjectCNLen;
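Review bot: The comment on `issuerKeyHash` does not say whose key is hashed or with which digest, and the `subjectHash` and `issuerHash` comments above it are word-for-word identical, so the three fields are easy to confuse. Suggest `/* SHA-1 of the issuer's public key, for OCSP; set only when a signer is found */`. RFC 6960 defines the CertID issuerKeyHash over the value of the issuer's subjectPublicKey field, excluding tag and length. Whether `ca->publicKey` holds exactly those bytes for every key type is not visible here, so it is worth confirming and recording in the comment.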
|
||||
|
|