diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 13c3a1850..3cd2e33dc 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -5742,7 +5742,9 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) return 1; } - if (req->useNonce) { + /* Nonces are not critical. The responder may not necessarily add + * the nonce to the response. */ + if (req->useNonce && resp->nonceSz != 0) { cmp = req->nonceSz - resp->nonceSz; if (cmp != 0) {