author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-02-04 10:14:55 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-02-04 10:18:05 +0100 |
commit | cb040d5f05a6fa9065bef1e14d62eee28f479e22 (patch) | |
tree | 80a868d248ebeb57c5c231cc3f87e3eae4d2d21a | |
parent | 02b6f5312d7113f22136539fe444dc04db29aa5f (diff) | |
download | gnutls-cb040d5f05a6fa9065bef1e14d62eee28f479e22.tar.gz |
handle differently OCSP responses that are revoked and of unknown status
-rw-r--r-- | src/cli.c | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -1721,6 +1721,7 @@ static int cert_verify_ocsp(gnutls_session_t session)
 gnutls_x509_crt_t cert, issuer;
 const gnutls_datum_t *cert_list;
 unsigned int cert_list_size = 0, ok = 0;
+ unsigned failed = 0;
 int deinit_issuer = 0, deinit_cert;
 gnutls_datum_t resp;
 unsigned char noncebuf[23];
@@ -1784,8 +1785,10 @@ static int cert_verify_ocsp(gnutls_session_t session)
 ret = check_ocsp_response(cert, issuer, &resp, &nonce, verbose);
 if (ret == 1)
 ok++;
- else
+ else if (ret == 0) {
+ failed++;
 break;
+ }
 }
 cleanup:
@@ -1794,5 +1797,7 @@ cleanup:
 if (deinit_cert)
 gnutls_x509_crt_deinit(cert);
+ if (failed > 0)
+ return -1;
 return ok > 1 ? (int) ok : -1;
 } |
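Review bot: In the second hunk, the new `else if (ret == 0)` branch lets every other return value of check_ocsp_response() fall through silently to the next certificate, and nothing at the call site says this soft-fail is intended. Going by the commit title these other values are presumably "status unknown" or an unusable response, but the helper's contract is not visible here. A comment above the chain would record the decision, for example `/* 1: good, 0: revoked (stop checking), anything else: status unknown, keep going */`. The enclosing loop starts outside the hunk, so whether a skipped certificate is reported to the user anywhere cannot be confirmed from these lines.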
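Review bot: In the last hunk, the unchanged `return ok > 1 ? (int) ok : -1;` directly after the new `failed` check still returns -1 when exactly one certificate was confirmed good. The caller therefore cannot tell a revoked chain from a chain with a single good response, which blunts the distinction this commit introduces. If one good response is meant to count as success, the line would read `return ok >= 1 ? (int) ok : -1;`. If more than one really is required, a short comment stating that would prevent the next reader from taking it for an off-by-one. How the caller interprets -1 is outside the hunk, so the practical effect should be checked there.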