don't be so verbose about the OCSP nonce; it is universally unsupported
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Jan 2015 14:32:09 +0000 (15:32 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Jan 2015 14:32:09 +0000 (15:32 +0100)
src/cli.c
src/ocsptool-common.c
src/ocsptool-common.h

index e02080d302ae429a1653b97682ca1ba10d9dc1b1..998a1190abda1f9b1655e20b0f0c41d3aaa23f2a 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -1880,7 +1880,7 @@ static int cert_verify_ocsp(gnutls_session_t session)
                }
 
                /* verify and check the response for revoked cert */
-               ret = check_ocsp_response(cert, issuer, &resp, &nonce);
+               ret = check_ocsp_response(cert, issuer, &resp, &nonce, verbose);
                if (ret == 1)
                        ok++;
                else
index ec5903c14be120b1b13a51119e435bd762c3c9f3..b0fb18ddd2d0bb53912cc1e2e8c618efde41eb7c 100644 (file)
@@ -314,7 +314,7 @@ void print_ocsp_verify_res(unsigned int output)
 int
 check_ocsp_response(gnutls_x509_crt_t cert,
                    gnutls_x509_crt_t issuer, gnutls_datum_t * data,
-                   gnutls_datum_t * nonce)
+                   gnutls_datum_t * nonce, int verbose)
 {
        gnutls_ocsp_resp_t resp;
        int ret;
@@ -409,7 +409,8 @@ check_ocsp_response(gnutls_x509_crt_t cert,
 
                ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce);
                if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-                       fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n");
+                       if (verbose)
+                               fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n");
                        goto finish_ok;
                }
 
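Review bot: With the `if (verbose)` guard in the `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` branch, a reply that omits the requested nonce now reaches `goto finish_ok` with no output in the default mode, so nothing tells the user that the response is not bound to this request. Without a nonce, replay protection rests on the response's thisUpdate/nextUpdate validity window. Whether that window is checked earlier in check_ocsp_response is not visible here, because the function body starts and ends outside the hunk. I would record the accepted trade-off at the branch, e.g. `/* no nonce: reply is not tied to our request; freshness relies on the thisUpdate/nextUpdate check */`, and confirm that check exists before the message is silenced.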
index 5922cb0ae519b0537291a3d18b6573872a0ad5d4..c8b130e479fd67563b80f84e123726afd945c560 100644 (file)
@@ -42,6 +42,7 @@ void print_ocsp_verify_res(unsigned int output);
 
 int
 check_ocsp_response(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
-                   gnutls_datum_t * data, gnutls_datum_t *nonce);
+                   gnutls_datum_t * data, gnutls_datum_t *nonce,
+                   int verbose);
 
 #endif
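Review bot: The prototype gains `int verbose` with no comment saying what it controls. In the hunks shown it only gates the missing-nonce message in src/ocsptool-common.c and leaves the control flow unchanged. A short comment above the declaration would help callers, e.g. `/* verbose: non-zero also prints informational notes such as a missing OCSP nonce */`. The caller in src/cli.c treats a return value of 1 as success, which is worth stating in the same comment.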