openssl: fix the ocsp len arg to Curl_vtls_apple_verify

author Daniel Stenberg <daniel@haxx.se>

Fri, 31 Oct 2025 16:09:31 +0000 (17:09 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 31 Oct 2025 22:09:05 +0000 (23:09 +0100)
author Daniel Stenberg <daniel@haxx.se>
Fri, 31 Oct 2025 16:09:31 +0000 (17:09 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 31 Oct 2025 22:09:05 +0000 (23:09 +0100)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c

index 838c0242213b5e3ecc8e27537c2e271098d9d913..a2b2da00e0184cc85dd992d60f98dec8a290d366 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5129,6 +5129,10 @@ static CURLcode ossl_apple_verify(struct Curl_cfilter *cf,
      if(conn_config->verifystatus && !octx->reused_session)
        ocsp_len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &ocsp_data);
  
+    /* SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP
+       response data or -1 if there is no OCSP response data. */
+    if(ocsp_len < 0)
+      ocsp_len = 0; /* no data available */
      result = Curl_vtls_apple_verify(cf, data, peer, chain.num_certs,
                                      ossl_chain_get_der, &chain,
                                      ocsp_data, ocsp_len);
author	Daniel Stenberg <daniel@haxx.se>
	Fri, 31 Oct 2025 16:09:31 +0000 (17:09 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 31 Oct 2025 22:09:05 +0000 (23:09 +0100)