From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 23 Nov 2023 16:54:40 +0000 (+0100)
Subject: pki: Generate internal error OCSP response if no signer certificate is found
X-Git-Tag: 5.9.13rc1~1^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=945be4ece57d92d9c3011efbdf9f27dd60279bc1;p=thirdparty%2Fstrongswan.git

pki: Generate internal error OCSP response if no signer certificate is found

That can happen if a request is sent to the wrong OCSP server.
---

diff --git a/src/pki/commands/ocsp.c b/src/pki/commands/ocsp.c
index 81e732cf49..85ab673384 100644
--- a/src/pki/commands/ocsp.c
+++ b/src/pki/commands/ocsp.c
@@ -528,6 +528,11 @@ gen:
 				ocsp_status = OCSP_INTERNALERROR;
 			}
 		}
+		else
+		{
+			DBG1(DBG_APP, "no signer certificate found");
+			ocsp_status = OCSP_INTERNALERROR;
+		}
 		DBG1(DBG_APP, "ocspResponseStatus:  %N", ocsp_status_names, ocsp_status);
 
 		enumerator = responses->create_enumerator(responses);