From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 12 Sep 2012 12:35:51 +0000 (+0200)
Subject: Skip OCSP if there's no host / port / url
X-Git-Tag: release_2_2_1~281
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a54eb36cd51a1cde48c9ddf0f8bfa9a5627803b;p=thirdparty%2Ffreeradius-server.git

Skip OCSP if there's no host / port / url
---

diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index 799ee8a8762..1b4398b2f58 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -339,6 +339,12 @@ static int ocsp_check(X509_STORE *store, X509 *issuer_cert, X509 *client_cert,
 	else {
 		ocsp_parse_cert_url(client_cert, &host, &port, &path, &use_ssl);
 	}
+
+	if (!host || !port || !path) {
+		DEBUG2("[ocsp] - Host / port / path missing.  Not doing OCSP.");
+		ocsp_ok = 2;
+		goto ocsp_skip;
+	}
 	
 	DEBUG2("[ocsp] --> Responder URL = http://%s:%s%s", host, port, path);
 
@@ -467,6 +473,7 @@ ocsp_end:
 	BIO_free_all(cbio);
 	OCSP_BASICRESP_free(bresp);
 
+ocsp_skip:
 	switch (ocsp_ok) {
 	case 1:
 		DEBUG2("[ocsp] --> Certificate is valid!");