From f3dfc2f118e02b518d0901ecb83d9c5fb1d7c2e7 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 23 Mar 2016 23:14:01 +0100
Subject: ocsptool: exit with error on verification failures
---
 src/ocsptool.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/ocsptool.c b/src/ocsptool.c
index bb50330b9d..d73ad66562 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -443,6 +443,7 @@ static void verify_response(gnutls_datum_t *nonce)
 gnutls_datum_t dat;
 size_t size;
 gnutls_x509_crt_t signer;
+ int v;
 if (HAVE_OPT(LOAD_RESPONSE))
 dat.data =
@@ -458,13 +459,15 @@ static void verify_response(gnutls_datum_t *nonce)
 signer = load_signer();
- _verify_response(&dat, nonce, signer);
+ v = _verify_response(&dat, nonce, signer);
+ if (v)
+ exit(1);
 }
 static void ask_server(const char *url)
 {
 gnutls_datum_t resp_data;
- int ret, v;
+ int ret, v = 0;
 gnutls_x509_crt_t cert, issuer;
 unsigned char noncebuf[23];
 gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
@@ -511,6 +514,8 @@ static void ask_server(const char *url)
 fwrite(resp_data.data, 1, resp_data.size, outfile);
 }
+ if (v)
+ exit(1);
 }
 int main(int argc, char **argv)
--
cgit v1.2.1
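Review bot: In the `@@ -458,13 +459,15 @@` hunk, `int ret, v = 0;` makes "verification never ran" look the same as "verification succeeded" once ask_server ends with `if (v) exit(1);`. The initialiser suggests that some path through ask_server, whose body lies mostly outside the hunks, never assigns `v`; on that path the tool presumably exits with success, and a script gating on ocsptool's exit status would accept a response nobody checked. Consider initialising to a failing value and clearing it only after `_verify_response()` reports success, or state the intent in a comment such as `/* v stays 0 when no verification was requested */`. The `if (v)` test in verify_response likewise assumes every failure yields a non-zero return, which is not visible here.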
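Review bot: In the `@@ -511,6 +514,8 @@` hunk, the new failure check sits after the `fwrite(resp_data.data, 1, resp_data.size, outfile);` context line, so a response that failed verification appears to be saved to the output file before the process exits with 1. Whether that write is already conditional on `v` is not visible, because the enclosing block starts above the hunk. If it is not, anything that later reads the saved file cannot tell that the response was rejected; moving the check above the write, or guarding the write with `if (v == 0)`, would avoid leaving a rejected response on disk.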