pki: Generate internal error OCSP response if no signer certificate is found

That can happen if a request is sent to the wrong OCSP server.
2025-10-03 00:00:24 -04:00 · 2023-11-23 17:54:40 +01:00 · 2023-11-23 17:54:40 +01:00 · 945be4ece5
commit 945be4ece5
parent 05a1f5b9c5
1 changed files with 5 additions and 0 deletions
--- a/src/pki/commands/ocsp.c
+++ b/src/pki/commands/ocsp.c
@ -528,6 +528,11 @@ gen:
 				ocsp_status = OCSP_INTERNALERROR;
 			}
 		}
+		else
+		{
+			DBG1(DBG_APP, "no signer certificate found");
+			ocsp_status = OCSP_INTERNALERROR;
+		}
 		DBG1(DBG_APP, "ocspResponseStatus:  %N", ocsp_status_names, ocsp_status);

 		enumerator = responses->create_enumerator(responses);