diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-23 10:59:58 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-24 10:29:50 +0000 |
| commit | f217b5e6f21056be4d7cbdf552c86d40007dc2b0 (patch) | |
| tree | 32c0bf811c6f69bdd7d97bcd40bbab3bfbde7184 | |
| parent | 093ee84661df6ade4dee493e45055f6fdcb706fe (diff) | |
| download | gnutls-f217b5e6f21056be4d7cbdf552c86d40007dc2b0.tar.gz | |
ocsptool: check chain size on verification
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | src/ocsptool.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/ocsptool.c b/src/ocsptool.c index c0ae7ad6fe..1338d6122b 100644 --- a/src/ocsptool.c +++ b/src/ocsptool.c @@ -478,8 +478,12 @@ static void verify_response(gnutls_datum_t *nonce) if (HAVE_OPT(LOAD_CHAIN)) { chain_size = load_chain(chain); + if (chain_size < 1) { + fprintf(stderr, "Empty chain found; cannot verify\n"); + app_exit(1); + } - if (chain_size <= 1) + if (chain_size == 1) signer = chain[0]; else signer = chain[1]; |