Skip OCSP if there's no host / port / url
authorAlan T. DeKok <aland@freeradius.org>
Fri, 14 Sep 2012 08:34:21 +0000 (10:34 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 14 Sep 2012 08:34:21 +0000 (10:34 +0200)
Manual port of ff3f27d27.

src/main/tls.c

index ab061bc9a729c6fba6a8f4439d0acb85f7a74cc5..44fdb217fdfacd6bd7d4a99650c73d191cf3570e 100644 (file)
@@ -1098,6 +1098,12 @@ static int ocsp_check(X509_STORE *store, X509 *issuer_cert, X509 *client_cert,
                ocsp_parse_cert_url(client_cert, &host, &port, &path, &use_ssl);
        }
 
+       if (!host || !port || !path) {
+               DEBUG2("[ocsp] - Host / port / path missing.  Not doing OCSP.");
+               ocsp_ok = 2;
+               goto ocsp_skip;
+       }
+       
        DEBUG2("[ocsp] --> Responder URL = http://%s:%s%s", host, port, path);
 
        /* Setup BIO socket to OCSP responder */
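Review bot: The added guard `if (!host || !port || !path)` turns a missing responder address into a skip (`ocsp_ok = 2`) rather than a failure, so a client certificate with no usable OCSP URL, and no responder configured, gets no revocation check at all. How `case 2` maps to accept or reject is not visible (the switch continues past the second hunk), so the intended policy should be stated at the guard, e.g. `/* No responder known: revocation status is NOT verified for this certificate. */`. The message is also emitted only at `DEBUG2`, which is easy to miss in production; a skipped revocation check arguably belongs at a normal log level so operators can see which certificates bypass OCSP. The body of ocsp_check starts and ends outside the hunk.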
@@ -1226,6 +1232,7 @@ ocsp_end:
        BIO_free_all(cbio);
        OCSP_BASICRESP_free(bresp);
 
+ ocsp_skip:
        switch (ocsp_ok) {
        case 1:
                DEBUG2("[ocsp] --> Certificate is valid!");
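Review bot: `ocsp_skip:` sits below the release sequence, so the new `goto ocsp_skip` bypasses every free above the label; only `BIO_free_all(cbio)` and `OCSP_BASICRESP_free(bresp)` are visible here, and the rest of the cleanup is outside the hunk. If `host`, `port` or `path` are released in that sequence, a partially filled result from `ocsp_parse_cert_url()` (for example host set but path NULL) would presumably leak each time this path is taken. If the pointers handled in the cleanup are NULL-initialised, jumping to the existing label with `goto ocsp_end;` would avoid the second label altogether. Otherwise a comment on `ocsp_skip:` should say why nothing needs freeing at that point.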