From: Marcel Poul Date: Thu, 4 Oct 2012 15:49:24 +0000 (+0000) Subject: Check the OCSP verify function return value. Ignore, if the URI of the OCSP responder... X-Git-Tag: gridsite-core_R_1_7_23~6 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b52e08c1bede1293d09db1eb61376e98b7b08593;p=jra1mw.git Check the OCSP verify function return value. Ignore, if the URI of the OCSP responder is not specified (for now). --- diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h index 0f923c5..7a317ca 100644 --- a/emi.canl.canl-c/src/canl_ssl.h +++ b/emi.canl.canl-c/src/canl_ssl.h @@ -25,6 +25,9 @@ canl_err_code CANL_CALLCONV canl_ctx_set_ca_dir(canl_ctx, const char *); canl_err_code CANL_CALLCONV +canl_ctx_set_crl_dir(canl_ctx, const char *); + +canl_err_code CANL_CALLCONV canl_ctx_set_ca_fn(canl_ctx, const char *); canl_err_code CANL_CALLCONV diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c index c37a981..5270c01 100644 --- a/emi.canl.canl-c/src/proxy/sslutils.c +++ b/emi.canl.canl-c/src/proxy/sslutils.c @@ -2196,6 +2196,7 @@ proxy_verify_callback( */ if (!ocsp_data) ocsprequest_init(&ocsp_data); + ret = 0; if (ocsp_data) { if (ctx->current_cert) ocsp_data->cert = ctx->current_cert; @@ -2210,17 +2211,20 @@ proxy_verify_callback( ocsp_data->cert_chain = ctx->chain; /*Timeout should be set here ocsp_data->timeout = -1; */ - do_ocsp_verify (ocsp_data); + ret = do_ocsp_verify (ocsp_data); /* TODO sign key and cert */ ocsprequest_free(ocsp_data); ocsp_data = NULL; } EVP_PKEY_free(key); - if (objset) X509_OBJECT_free_contents(&obj); + if (ret != 0) + if (ret != CANL_OCSPRESULT_ERROR_NOAIAOCSPURI) + ok = 0; + return(ok); fail_verify:
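Review bot: `canl_ctx_set_crl_dir` is declared in canl_ssl.h with no comment on its contract, and the visible part of this commit (canl_ssl.h and sslutils.c only) adds no definition for it. If the definition does not already exist elsewhere in the tree, callers will compile against this header and fail at link time, so confirm that before merging. The prototype is also unrelated to the OCSP change named in the subject and would be easier to track in its own commit. A one-line comment above it would help, e.g. `/* Set the directory from which CRLs are loaded for revocation checks. */` if that is what it does, plus a word on what happens to revocation checking when it is never called.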
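Review bot: With `ret = 0;` placed just before `if (ocsp_data)`, a failed `ocsprequest_init()` leaves `ocsp_data` NULL, the block is skipped, and `ret` stays 0, which the check added further down treats as nothing to reject. The certificate is then accepted without any OCSP check and without a trace of why. If skipping is intended, say so at the initialisation, e.g. `ret = 0; /* stays 0 when ocsp_data could not be set up: OCSP check is skipped */`; otherwise give the `if (ocsp_data)` block an `else` branch that fails the verification. `ret` is declared, and `proxy_verify_callback` begins and ends, outside this hunk.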
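Review bot: The new rejection path sets `ok = 0` and falls straight into `return(ok);`, so it neither records a verification error on `ctx` nor passes through the `fail_verify:` label that follows. A caller that inspects the verify result afterwards may see no error code for a certificate refused on OCSP grounds; whether `fail_verify` does that bookkeeping is outside the hunk, so this needs confirming. I would fold the two nested unbraced `if`s into one and set the error explicitly: `if (ret != 0 && ret != CANL_OCSPRESULT_ERROR_NOAIAOCSPURI) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); ok = 0; }`. The `CANL_OCSPRESULT_ERROR_NOAIAOCSPURI` exemption lets a certificate without an OCSP responder URI pass this check, so put a comment on that line, e.g. `/* TODO: no OCSP URI in the certificate is tolerated for now; revocation then relies on CRLs only */`, to keep the "for now" from the commit message visible in the code.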