mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OCSP Error Return

Browse Source 
1. In CheckOcspResponse(), remove the existing check for UNKNOWN
   certificate status. Given the values of ret and ocsp->error, unknown
   won't get checked.
2. Separated checks for UKNOWN and REJECTED for logging purposes. Return
   that as an error.
3. Anything else should be a failure.
This commit is contained in:
John Safranek 2023-12-04 11:31:04 -08:00
parent 195c14ccaf
commit 52658c51a9
No known key found for this signature in database
GPG Key ID: 8CE817DE0D3CCB4A
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ocsp.c
View File

@ -409,10 +409,14 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
end:
if (ret == 0 && validated == 1) {
WOLFSSL_MSG("New OcspResponse validated");
} else if ((ret == ocsp->error) && (ocspResponse->single->status->status == CERT_UNKNOWN)) {
}
else if (ret == OCSP_CERT_REVOKED) {
WOLFSSL_MSG("OCSP revoked");
}
else if (ret == OCSP_CERT_UNKNOWN) {
WOLFSSL_MSG("OCSP unknown");
ret = OCSP_CERT_UNKNOWN;
} else if (ret != OCSP_CERT_REVOKED) {
}
else {
WOLFSSL_MSG("OCSP lookup failure");
ret = OCSP_LOOKUP_FAIL;
}