sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-04 00:00:51 -05:00
Code Issues Projects Releases Wiki Activity

revocation: Log error if no OCSP signer candidate found

Browse Source 
Fixes evaluation of ikev2/ocsp-untrusted-cert.
This commit is contained in:
Martin Willi 2014-03-31 14:53:15 +02:00
parent 11614d783b
commit 94fb33bb88
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libstrongswan/plugins/revocation/revocation_validator.c
View File

@ -118,7 +118,6 @@ static bool verify_ocsp(ocsp_response_t *response, certificate_t *ca)
{ /* OCSP signer currently invalid */ { /* OCSP signer currently invalid */
continue; continue;
} }
found = TRUE;
if (!ca->equals(ca, issuer)) if (!ca->equals(ca, issuer))
{ /* delegated OCSP signer? */ { /* delegated OCSP signer? */
if (!lib->credmgr->issued_by(lib->credmgr, issuer, ca, NULL)) if (!lib->credmgr->issued_by(lib->credmgr, issuer, ca, NULL))
@ -130,6 +129,7 @@ static bool verify_ocsp(ocsp_response_t *response, certificate_t *ca)
continue; continue;
} }
} }
found = TRUE;
if (lib->credmgr->issued_by(lib->credmgr, subject, issuer, NULL)) if (lib->credmgr->issued_by(lib->credmgr, subject, issuer, NULL))
{ {
DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"",