summaryrefslogtreecommitdiff
path: root/lib/cert-session.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/cert-session.c')
-rw-r--r--lib/cert-session.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/cert-session.c b/lib/cert-session.c
index 4d0e8961d5..67e38d638a 100644
--- a/lib/cert-session.c
+++ b/lib/cert-session.c
@@ -255,6 +255,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
gnutls_strerror(ret));
ret = gnutls_assert_val(0);
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS;
goto cleanup;
}
@@ -265,6 +266,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
_gnutls_audit_log(session,
"Got OCSP response with an unrelated certificate.\n");
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS;
goto cleanup;
}
@@ -296,6 +298,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
ret = gnutls_assert_val(0);
gnutls_assert();
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS;
goto cleanup;
}
@@ -309,6 +312,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
ret = gnutls_assert_val(0);
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS;
goto cleanup;
}
@@ -322,6 +326,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
gnutls_strerror(ret));
ret = gnutls_assert_val(0);
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_INVALID_OCSP_STATUS;
goto cleanup;
}
@@ -330,6 +335,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
_gnutls_audit_log(session,
"The certificate was revoked via OCSP\n");
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_REVOKED;
ret = gnutls_assert_val(0);
goto cleanup;
@@ -344,6 +350,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
_gnutls_audit_log(session,
"The OCSP response is old\n");
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
goto cleanup;
}
@@ -353,6 +360,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
_gnutls_audit_log(session,
"There is a newer OCSP response but was not provided by the server\n");
check_failed = 1;
+ *ostatus |= GNUTLS_CERT_INVALID;
*ostatus |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
goto cleanup;
}
View Lorry Controller Status