OCSP Error Return
1. In CheckOcspResponse(), remove the existing check for UNKNOWN certificate status. Given the values of ret and ocsp->error, unknown won't get checked. 2. Separated checks for UNKNOWN and REJECTED for logging purposes. Return that as an error. 3. Anything else should be a failure.
parent
195c14ccaf
commit
52658c51a9
10
src/ocsp.c
10
src/ocsp.c
@ -409,10 +409,14 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
|
||||
end:
|
||||
if (ret == 0 && validated == 1) {
|
||||
WOLFSSL_MSG("New OcspResponse validated");
|
||||
} else if ((ret == ocsp->error) && (ocspResponse->single->status->status == CERT_UNKNOWN)) {
|
||||
}
|
||||
else if (ret == OCSP_CERT_REVOKED) {
|
||||
WOLFSSL_MSG("OCSP revoked");
|
||||
}
|
||||
else if (ret == OCSP_CERT_UNKNOWN) {
|
||||
WOLFSSL_MSG("OCSP unknown");
|
||||
ret = OCSP_CERT_UNKNOWN;
|
||||
} else if (ret != OCSP_CERT_REVOKED) {
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("OCSP lookup failure");
|
||||
ret = OCSP_LOOKUP_FAIL;
|
||||
}
|
||||
|
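Review bot: The final `else` in the `end:` block overwrites every remaining value of `ret` with `OCSP_LOOKUP_FAIL`, so a response that failed parsing or verification earlier in CheckOcspResponse() becomes indistinguishable from a lookup that never produced a response, and the original code is not logged. If any caller treats `OCSP_LOOKUP_FAIL` as a soft failure (callers are not visible here), that distinction matters for revocation enforcement; consider logging the original value first, e.g. `WOLFSSL_ERROR(ret);` ahead of `ret = OCSP_LOOKUP_FAIL;`. The same branch also catches `ret == 0` with `validated != 1`, which correctly fails closed but is reported as a lookup failure; a comment such as `/* fail closed: ret == 0 without validation is also rejected */` would record that this is intended. The body of CheckOcspResponse() starts outside the hunk, so the set of codes that can reach `end:` is inferred.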