Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Align OCSP behavior with OpenSSL for nginx #1077

Merged
merged 4 commits into from
Jul 12, 2023
Merged

Align OCSP behavior with OpenSSL for nginx #1077

merged 4 commits into from
Jul 12, 2023

Conversation

samuel40791765
Copy link
Contributor

Issues:

Resolves CryptoAlg-1849

Description of changes:

Asides from the behavior fixed in #1074, there was some slight OCSP errors when building with nginx's OCSP stapling tests. There are still a couple of tests failing due to us missing multiple certs support, but this should resolve all other issues with us failing the test.

  1. The NULL check in ocsp_find_signer_sk static function was a bit too pedantic, so I relaxed it. It's possible for the OCSP Basic response to be missing a cert stack, so we shouldn't be throwing an error on the stack if that happens.
  2. Implemented functionality for the two OCSP flags, OCSP_NOVERIFY and OCSP_TRUSTOTHER

Call-outs:

N/A

Testing:

N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

skmcgrail
skmcgrail previously approved these changes Jul 6, 2023
View reviewed changes
@samuel40791765 samuel40791765 enabled auto-merge (squash) July 6, 2023 21:52
andrewhop
andrewhop reviewed Jul 10, 2023
View reviewed changes
Copy link
Contributor

@andrewhop andrewhop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this behavior is covered by Nginx's tests but can you add some targeted tests in our crypto_test.

include/openssl/ocsp.h Outdated Show resolved Hide resolved
include/openssl/ocsp.h Outdated Show resolved Hide resolved
include/openssl/ocsp.h Outdated Show resolved Hide resolved
@samuel40791765 samuel40791765 merged commit 83cc6f5 into aws:main Jul 12, 2023
@andrewhop andrewhop mentioned this pull request Jul 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darylmartin100 darylmartin100 darylmartin100 left review comments

@andrewhop andrewhop andrewhop approved these changes

@skmcgrail skmcgrail skmcgrail approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@samuel40791765 @skmcgrail @andrewhop @darylmartin100