authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-09-30 16:22:33 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-09-30 16:31:19 +0200
commit946ea95e6f3ac2a9dad38d8f64eeee2956279a47 (patch)
treee8b994e9d57e429712c23e6fc4a414a0a455951e /src/ocsptool-common.c
parent0540e077a7cfaf961bb620b65f85ba13ae7b62e0 (diff)
The OCSP response file is now set on the credentials and other additions.
Changed OCSP function prototypes for almost all status_request functions to move the response file and callback to the certificate credentials structure. Added gnutls_ocsp_resp_check_crt() to check whether a response corresponds to a given certificate.
Diffstat (limited to 'src/ocsptool-common.c')
-rw-r--r--src/ocsptool-common.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index 1c441b3824..33f78948ab 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -311,7 +311,8 @@ print_ocsp_verify_res (unsigned int output)
* -1: dunno
*/
int
-check_ocsp_response (gnutls_x509_crt_t issuer,
+check_ocsp_response (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer,
gnutls_datum_t *data)
{
gnutls_ocsp_resp_t resp;
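Review bot: The new signature of check_ocsp_response takes two adjacent `gnutls_x509_crt_t` arguments, `cert` and `issuer`, and the visible part of the header comment does not say which is which, so a caller that swaps them still compiles. Going by the following hunk, `cert` is matched against the response with gnutls_ocsp_resp_check_crt() and `issuer` is passed to gnutls_ocsp_resp_verify_direct(), so a swap would presumably show up only as a -1 ("dunno") result at run time. I would extend the comment above the function with something like `cert: certificate whose revocation status is checked; issuer: its issuer, used to verify the response` and note that -1 now also covers a response for an unrelated certificate, so callers do not treat it as a good status. The comment block begins outside this hunk.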
@@ -328,6 +329,14 @@ check_ocsp_response (gnutls_x509_crt_t issuer,
ret = gnutls_ocsp_resp_import (resp, data);
if (ret < 0)
error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
+
+ ret = gnutls_ocsp_resp_check_crt(resp, cert);
+ if (ret < 0)
+ {
+ printf ("*** Got OCSP response on an unrelated certificate (ignoring)\n");
+ ret = -1;
+ goto cleanup;
+ }
ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
if (ret < 0)