From: Nikos Mavrogiannopoulos Date: Mon, 19 Jan 2015 14:32:09 +0000 (+0100) Subject: don't be so verbose about the OCSP nonce; it is universally unsupported X-Git-Tag: gnutls_3_4_0~340 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9c33d9cc68458b5378f0d87e6d296fb07ada770c;p=thirdparty%2Fgnutls.git don't be so verbose about the OCSP nonce; it is universally unsupported --- diff --git a/src/cli.c b/src/cli.c index e02080d302..998a1190ab 100644 --- a/src/cli.c +++ b/src/cli.c @@ -1880,7 +1880,7 @@ static int cert_verify_ocsp(gnutls_session_t session) } /* verify and check the response for revoked cert */ - ret = check_ocsp_response(cert, issuer, &resp, &nonce); + ret = check_ocsp_response(cert, issuer, &resp, &nonce, verbose); if (ret == 1) ok++; else diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c index ec5903c14b..b0fb18ddd2 100644 --- a/src/ocsptool-common.c +++ b/src/ocsptool-common.c @@ -314,7 +314,7 @@ void print_ocsp_verify_res(unsigned int output) int check_ocsp_response(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, gnutls_datum_t * data, - gnutls_datum_t * nonce) + gnutls_datum_t * nonce, int verbose) { gnutls_ocsp_resp_t resp; int ret; @@ -409,7 +409,8 @@ check_ocsp_response(gnutls_x509_crt_t cert, ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n"); + if (verbose) + fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n"); goto finish_ok; } diff --git a/src/ocsptool-common.h b/src/ocsptool-common.h index 5922cb0ae5..c8b130e479 100644 --- a/src/ocsptool-common.h +++ b/src/ocsptool-common.h @@ -42,6 +42,7 @@ void print_ocsp_verify_res(unsigned int output); int check_ocsp_response(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - gnutls_datum_t * data, gnutls_datum_t *nonce); + gnutls_datum_t * data, gnutls_datum_t *nonce, + int verbose); #endif