OCSP Error Return

1. In CheckOcspResponse(), remove the existing check for UNKNOWN
   certificate status. Given the values of ret and ocsp->error, unknown
   won't get checked.
2. Separated checks for UNKNOWN and REJECTED for logging purposes. Return
   that as an error.
3. Anything else should be a failure.
John Safranek 4 months ago
parent commit 52658c51a9
1 changed files with 7 additions and 3 deletions

src/ocsp.c

@@ -409,10 +409,14 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
 end:
     if (ret == 0 && validated == 1) {
         WOLFSSL_MSG("New OcspResponse validated");
-    } else if ((ret == ocsp->error) && (ocspResponse->single->status->status == CERT_UNKNOWN)) {
+    }
+    else if (ret == OCSP_CERT_REVOKED) {
+        WOLFSSL_MSG("OCSP revoked");
+    }
+    else if (ret == OCSP_CERT_UNKNOWN) {
         WOLFSSL_MSG("OCSP unknown");
-        ret = OCSP_CERT_UNKNOWN;
-    } else if (ret != OCSP_CERT_REVOKED) {
+    }
+    else {
         WOLFSSL_MSG("OCSP lookup failure");
         ret = OCSP_LOOKUP_FAIL;
     }
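Review bot: the final `else` branch unconditionally assigns `ret = OCSP_LOOKUP_FAIL;`, which discards the original non-zero error code produced earlier in CheckOcspResponse() (and also covers the `ret == 0 && validated != 1` case, which is correctly treated as a failure rather than success). The caller can no longer tell a response parse or signature problem apart from a plain lookup failure, so consider recording the original `ret` in the debug message before overwriting it, or only mapping `ret == 0` to `OCSP_LOOKUP_FAIL` and letting other non-zero codes propagate. The revoked and unknown branches are fine as written: `ret` keeps `OCSP_CERT_REVOKED` / `OCSP_CERT_UNKNOWN`, so both are returned as errors without the previous `ret == ocsp->error` condition that, per the commit message, never matched.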