]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 05a1f5b)
pki: Generate internal error OCSP response if no signer certificate is found
authorTobias Brunner <tobias@strongswan.org>
Thu, 23 Nov 2023 16:54:40 +0000 (17:54 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 24 Nov 2023 16:41:18 +0000 (17:41 +0100)
That can happen if a request is sent to the wrong OCSP server.

src/pki/commands/ocsp.c patch | blob | blame | history

diff --git a/src/pki/commands/ocsp.c b/src/pki/commands/ocsp.c
index 81e732cf494105f6421ed790896d153e67af8c55..85ab67338494a93f27edd994c2b1f3b798698f7a 100644 (file)
--- a/src/pki/commands/ocsp.c
+++ b/src/pki/commands/ocsp.c
@@ -528,6 +528,11 @@ gen:
                                ocsp_status = OCSP_INTERNALERROR;
                        }
                }
+               else
+               {
+                       DBG1(DBG_APP, "no signer certificate found");
+                       ocsp_status = OCSP_INTERNALERROR;
+               }
                DBG1(DBG_APP, "ocspResponseStatus:  %N", ocsp_status_names, ocsp_status);
 
                enumerator = responses->create_enumerator(responses);
Unnamed repository; edit this file 'description' to name the repository.