amppackager
Validate OCSP ProducedAt
When receiving an OCSP response, AMP Packager should validate that its ProducedAt is within the NotBefore/NotAfter of the cert. I think the place to do that is here. (It looks like the ocsp.ParseResponseForCert function doesn't do this already.)
Filed golang/go#45244 for the upstream ocsp lib, but we should fix on our end in the meantime.
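
One way to express the check requested above, as an added example that is not AMP Packager's code or the upstream library's. `ocspTimes` is a hypothetical stand-in for the `ProducedAt` field of the parsed OCSP response, and the function and error names are invented here; the sample dates are constructed.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

// ocspTimes is a hypothetical stand-in for the ProducedAt field of
// golang.org/x/crypto/ocsp.Response, so the example needs only the stdlib.
type ocspTimes struct{ ProducedAt time.Time }

var (
	errProducedAtUnset = errors.New("ocsp: ProducedAt is unset")
	errProducedAtEarly = errors.New("ocsp: ProducedAt is before cert NotBefore")
	errProducedAtLate  = errors.New("ocsp: ProducedAt is after cert NotAfter")
)

// validateProducedAt rejects a response produced outside the certificate's
// validity window. Both bounds are inclusive, as in RFC 5280.
func validateProducedAt(resp ocspTimes, cert *x509.Certificate) error {
	p := resp.ProducedAt
	switch {
	case p.IsZero():
		return errProducedAtUnset
	case p.Before(cert.NotBefore):
		return fmt.Errorf("%w: %s < %s", errProducedAtEarly,
			p.Format(time.RFC3339), cert.NotBefore.Format(time.RFC3339))
	case p.After(cert.NotAfter):
		return fmt.Errorf("%w: %s > %s", errProducedAtLate,
			p.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339))
	}
	return nil
}

func main() {
	// Constructed sample data: a 90-day certificate and three responses.
	nb := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
	cert := &x509.Certificate{NotBefore: nb, NotAfter: nb.AddDate(0, 0, 90)}
	for _, p := range []time.Time{
		nb.Add(-time.Hour),             // produced before the cert was valid
		nb.AddDate(0, 0, 30),           // inside the window
		cert.NotAfter.Add(time.Second), // produced after expiry
	} {
		fmt.Println(p.Format(time.RFC3339), "->", validateProducedAt(ocspTimes{p}, cert))
	}
}
```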