authorDaiki Ueno <ueno@gnu.org>2020-08-14 17:20:16 +0000
committerDaiki Ueno <ueno@gnu.org>2020-08-14 17:20:16 +0000
commit8449b5e19c8d685b7e4f01ec30c32fa222a17b6b (patch)
tree9e9ac44768af8b5204af2c648bacc36a38244043
parent4e4a3c36b429e268236f887cb77d4e26e18c8a0f (diff)
parent388365cdbb6c8870607120782eb77d29bea97357 (diff)
downloadgnutls-8449b5e19c8d685b7e4f01ec30c32fa222a17b6b.tar.gz
Merge branch 'tmp-cert-invalid' into 'master'
cert-session: ensure that invalid flag is always set See merge request gnutls/gnutls!1304
-rw-r--r--lib/cert-session.c1
-rw-r--r--src/common.c5
2 files changed, 5 insertions, 1 deletions
diff --git a/lib/cert-session.c b/lib/cert-session.c
index db04a25e5d..97f31597d5 100644
--- a/lib/cert-session.c
+++ b/lib/cert-session.c
@@ -415,6 +415,7 @@ _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session,
if (feature == 5 /* TLS ID for status request */) {
/* We sent a status request, the certificate mandates a reply, but we did not get any. */
+ *ocsp_status |= GNUTLS_CERT_INVALID;
*ocsp_status |= GNUTLS_CERT_MISSING_OCSP_STATUS;
break;
}
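Review bot: The rule the added assignment relies on, that every specific failure bit in `*ocsp_status` is accompanied by GNUTLS_CERT_INVALID, is not written down next to it, so a later edit could drop the line again. A caller that tests only `status & GNUTLS_CERT_INVALID` would then treat a must-staple certificate with no stapled response as valid. I would fold the two assignments into `*ocsp_status |= GNUTLS_CERT_INVALID | GNUTLS_CERT_MISSING_OCSP_STATUS;` and extend the comment above with `/* GNUTLS_CERT_INVALID must accompany every specific failure flag; callers may test only that bit. */`. The function starts and ends outside the hunk, so whether its other paths set flags without GNUTLS_CERT_INVALID cannot be checked from here.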
diff --git a/src/common.c b/src/common.c
index a7e784e666..9b0d385ca3 100644
--- a/src/common.c
+++ b/src/common.c
@@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp
gnutls_free(out.data);
- if (status)
+ if (status) {
+ if (!(status & GNUTLS_CERT_INVALID))
+ abort();
return 0;
+ }
return 1;
}
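Review bot: The `abort()` in the new `if (!(status & GNUTLS_CERT_INVALID))` branch ends the tool with no diagnostic, so a user or a test log sees only SIGABRT and cannot tell that the library returned a failure status without the generic invalid bit. Print the offending value first, e.g. `fprintf(stderr, "verification status 0x%x lacks GNUTLS_CERT_INVALID\n", status);` (assuming `status` is an unsigned int; its declaration is outside the hunk). A one-line comment such as `/* library invariant: any failure flag implies GNUTLS_CERT_INVALID */` would also explain why a consistency check lives in the tool. Failing closed here is right; the point is only that the failure should be explainable.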