From: Jouni Malinen
Date: Sun, 7 Sep 2014 15:30:58 +0000 (+0300)
Subject: HTTP: Fix OCSP status check
X-Git-Tag: hostap_2_3~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c196f7703a44e510116e068b99be52ef69e404f;p=thirdparty%2Fhostap.git

HTTP: Fix OCSP status check

Due to a missing curly brackets, the OCSP status checking was not working in the expected way. Instead of allowing optional-OCSP configuration to accept connection when OCSP response was ready, all such cases were marked as hard failures. In addition, the debug prints were not necessarily accurate for the mandatory-OCSP-but-no-response case (CID 72694, CID 72704).

Signed-off-by: Jouni Malinen
---
diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c index 1e767d5ab..0c18269da 100644 --- a/src/utils/http_curl.c +++ b/src/utils/http_curl.c @@ -1177,9 +1177,10 @@ static int ocsp_resp_cb(SSL *s, void *arg) if (status == V_OCSP_CERTSTATUS_GOOD) return 1; - if (status == V_OCSP_CERTSTATUS_REVOKED) + if (status == V_OCSP_CERTSTATUS_REVOKED) { ctx->last_err = "Server certificate has been revoked"; return 0; + } if (ctx->ocsp == MANDATORY_OCSP) { wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required"); ctx->last_err = "OCSP status unknown";
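
Review bot: the V_OCSP_CERTSTATUS_REVOKED branch in ocsp_resp_cb() sets ctx->last_err and returns 0 without a wpa_printf(MSG_DEBUG, ...) line, unlike the MANDATORY_OCSP branch directly below it, so a revocation rejection leaves no entry in the debug log; consider adding one next to the last_err assignment. The unbraced `return 0;` on the removed side ran for every status other than V_OCSP_CERTSTATUS_GOOD, and the commit message credits the find to static analysis (CID 72694, CID 72704), so a regression test that feeds an unknown status to an optional-OCSP configuration would be worth adding alongside this fix. Building with -Wmisleading-indentation would also flag this statement-after-unbraced-if pattern at compile time.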