diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-12 12:12:40 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-12 12:12:40 +0200 |
| commit | 1bfb93706eed0475013e43fa74fbf86f80c795e9 (patch) | |
| tree | ef68416504ecfce2447be1ee2aaa3b65d1dfefeb | |
| parent | 3a03b1a936fe77309d11307a2b210acfcabdbaa7 (diff) | |
| download | gnutls-1bfb93706eed0475013e43fa74fbf86f80c795e9.tar.gz | |
gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable
That is because this field is not optional, and a failure on its
parsing is always fatal. Reported by Yuan Jochen Kang.
| -rw-r--r-- | lib/x509/ocsp.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 7e762bbfef..2e0179483b 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -1500,10 +1500,11 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp, ret = asn1_read_value(resp->basicresp, name, ttime, &len); if (ret != ASN1_SUCCESS) { gnutls_assert(); - *this_update = (time_t) (-1); - } else + return GNUTLS_E_ASN1_DER_ERROR; + } else { *this_update = _gnutls_x509_generalTime2gtime(ttime); + } } if (next_update) { |