ocsptool: check chain size on verification

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/src/ocsptool.c b/src/ocsptool.c
index c0ae7ad6fee93e48e7d8c8cc3e23b3626b26fbfa..1338d6122b4ade053a7dce7ed03f032a2ab90700 100644 (file)
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -478,8 +478,12 @@ static void verify_response(gnutls_datum_t *nonce)
 
        if (HAVE_OPT(LOAD_CHAIN)) {
                chain_size = load_chain(chain);
+               if (chain_size < 1) {
+                       fprintf(stderr, "Empty chain found; cannot verify\n");
+                       app_exit(1);
+               }
 
-               if (chain_size <= 1)
+               if (chain_size == 1)
                        signer = chain[0];
                else
                        signer = chain[1];