path: root/testing/tests/ikev2/ocsp-no-signer-cert
author: Martin Willi <martin@revosec.ch> 2014-03-25 14:34:58 +0100
committer: Martin Willi <martin@revosec.ch> 2014-03-31 14:40:33 +0200
commit: 91d71abb16a9b15bbcd7f6cbefb806408be3b92d (patch)
tree: 78316a3926aeef1358ad770fee3401fc56af7fa7 /testing/tests/ikev2/ocsp-no-signer-cert
parent: a844b6589034ff53e845fb9013d69dac02385453 (diff)
download: strongswan-91d71abb16a9b15bbcd7f6cbefb806408be3b92d.tar.bz2
          strongswan-91d71abb16a9b15bbcd7f6cbefb806408be3b92d.tar.xz
revocation: Restrict OCSP signing to specific certificates
To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to:

- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint

The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
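The three-rule signer policy described in the commit message, written out as an added example in Python. This is not strongSwan's code: it models a certificate with only the fields the policy inspects (subject, issuer, extended key usage, whether it is installed in the local trust store), compares identities by name for brevity, and names each rule so a test can see which one admitted a signer. The certificate names, the `Cert` class, `signer_rule`, `select_signer` and the `id-kp-OCSPSigning` label are all assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional

# Label for the id-kp-OCSPSigning extended key usage (RFC 6960 4.2.2.2); constructed name
OCSP_SIGNING = "id-kp-OCSPSigning"


@dataclass(frozen=True)
class Cert:
    """Minimal model of an X.509 certificate: only what the signer policy needs.

    subject/issuer are distinguished names, eku holds extended key usage names,
    locally_trusted marks a certificate installed in the local trust store
    (rather than one merely carried inside an OCSP response).
    """
    subject: str
    issuer: str
    eku: frozenset = field(default_factory=frozenset)
    locally_trusted: bool = False


def signer_rule(checked: Cert, signer: Cert) -> Optional[str]:
    """Return the name of the rule that admits `signer` for OCSP responses about
    `checked`, or None if the policy rejects it.

    Identity is compared by distinguished name here to keep the model short. A
    real verifier binds the signer to the response by checking the response
    signature and matches the CA by key (authority key identifier), not by name.
    """
    # Rule 1: the CA that issued the checked certificate (RFC 6960 2.6)
    if signer.subject == checked.issuer:
        return "issuer-ca"
    # Rule 2: a responder issued directly by that same CA and explicitly
    # authorised for OCSP signing through the EKU (RFC 6960 2.6)
    if signer.issuer == checked.issuer and OCSP_SIGNING in signer.eku:
        return "delegated-by-issuer"
    # Rule 3: compatibility exception for non-conforming CAs. The responder
    # certificate must have been installed locally by the administrator; a
    # certificate that only arrives inside the response never qualifies.
    if signer.locally_trusted and OCSP_SIGNING in signer.eku:
        return "locally-trusted-responder"
    return None


def select_signer(checked: Cert, candidates: Iterable[Cert]) -> Optional[Cert]:
    """Pick the first candidate the policy admits. None is the 'no signer'
    outcome, which is what the ocsp-no-signer-cert scenario expects to log."""
    for cand in candidates:
        if signer_rule(checked, cand) is not None:
            return cand
    return None


# Constructed sample certificates (not from the strongSwan test environment)
CA = Cert("CN=Example Root CA", "CN=Example Root CA", locally_trusted=True)
PEER = Cert("CN=peer.example.org", CA.subject)
DELEGATED = Cert("CN=ocsp.example.org", CA.subject, frozenset({OCSP_SIGNING}))
UNCONSTRAINED = Cert("CN=ocsp.example.org", CA.subject)          # no OCSP signing EKU
FOREIGN = Cert("CN=Other OCSP", "CN=Other CA", frozenset({OCSP_SIGNING}))
FOREIGN_TRUSTED = Cert("CN=Other OCSP", "CN=Other CA",
                       frozenset({OCSP_SIGNING}), locally_trusted=True)


if __name__ == "__main__":
    for cand in (CA, DELEGATED, UNCONSTRAINED, FOREIGN, FOREIGN_TRUSTED):
        print(f"{cand.subject:24s} -> {signer_rule(PEER, cand)}")
    chosen = select_signer(PEER, [UNCONSTRAINED, FOREIGN])
    print("no signer" if chosen is None else f"signer: {chosen.subject}")
```

The `[UNCONSTRAINED, FOREIGN]` candidate list reproduces the test scenario's situation: both certificates claim to be responders, neither was issued as a delegated OCSP signer by the peer's CA nor installed locally, so the policy yields no signer and verification is expected to fail for that reason rather than for a signature problem.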
Diffstat (limited to 'testing/tests/ikev2/ocsp-no-signer-cert')
-rw-r--r--  testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat  2
1 files changed, 1 insertions, 1 deletions
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
index a2ce5ad93..a6ae74fe3 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
@@ -1,5 +1,5 @@
moon:: cat /var/log/daemon.log::requesting ocsp status from::YES
-moon:: cat /var/log/daemon.log::ocsp response verification failed::YES
+moon:: cat /var/log/daemon.log::ocsp response verification failed, no signer::YES
moon:: cat /var/log/daemon.log::certificate status is not available::YES
moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
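Review bot: the tightened pattern on the second line, "ocsp response verification failed, no signer", is now the only assertion in this file that ties the failure to the new signer restriction rather than to any other verification error, so the trailing ", no signer" must match the daemon's exact wording (comma, lower case); evaltest patterns are regex-matched, as the "rw.*ESTABLISHED" line shows, and a wording mismatch would make this scenario fail for a reason unrelated to what it tests. The unchanged context lines (status not available, RULE_CRL_VALIDATION failing its GOOD requirement, no ESTABLISHED rw connection) still cover the expected hard-fail outcome, so no further expectation needs adding here.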