From 945be4ece57d92d9c3011efbdf9f27dd60279bc1 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 23 Nov 2023 17:54:40 +0100
Subject: [PATCH] pki: Generate internal error OCSP response if no signer
 certificate is found

That can happen if a request is sent to the wrong OCSP server.
---
 src/pki/commands/ocsp.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/pki/commands/ocsp.c b/src/pki/commands/ocsp.c
index 81e732cf49..85ab673384 100644
--- a/src/pki/commands/ocsp.c
+++ b/src/pki/commands/ocsp.c
@@ -528,6 +528,11 @@ gen:
 				ocsp_status = OCSP_INTERNALERROR;
 			}
 		}
+		else
+		{
+			DBG1(DBG_APP, "no signer certificate found");
+			ocsp_status = OCSP_INTERNALERROR;
+		}
 		DBG1(DBG_APP, "ocspResponseStatus:  %N", ocsp_status_names, ocsp_status);
 
 		enumerator = responses->create_enumerator(responses);
-- 
2.47.2