From b52e08c1bede1293d09db1eb61376e98b7b08593 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Thu, 4 Oct 2012 15:49:24 +0000
Subject: [PATCH] Check the OCSP verify function return value. Ignore, if the URI of the OCSP responder is not specified (for now).
---
 emi.canl.canl-c/src/canl_ssl.h | 3 +++
 emi.canl.canl-c/src/proxy/sslutils.c | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h
index 0f923c5..7a317ca 100644
--- a/emi.canl.canl-c/src/canl_ssl.h
+++ b/emi.canl.canl-c/src/canl_ssl.h
@@ -25,6 +25,9 @@ canl_err_code CANL_CALLCONV
 canl_ctx_set_ca_dir(canl_ctx, const char *);
 canl_err_code CANL_CALLCONV
+canl_ctx_set_crl_dir(canl_ctx, const char *);
+
+canl_err_code CANL_CALLCONV
 canl_ctx_set_ca_fn(canl_ctx, const char *);
 canl_err_code CANL_CALLCONV
diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index c37a981..5270c01 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -2196,6 +2196,7 @@ proxy_verify_callback(
 */
 if (!ocsp_data) ocsprequest_init(&ocsp_data);
+ ret = 0;
 if (ocsp_data) {
 if (ctx->current_cert) ocsp_data->cert = ctx->current_cert;
@@ -2210,17 +2211,20 @@ proxy_verify_callback(
 ocsp_data->cert_chain = ctx->chain;
 /*Timeout should be set here ocsp_data->timeout = -1; */
- do_ocsp_verify (ocsp_data);
+ ret = do_ocsp_verify (ocsp_data);
 /* TODO sign key and cert */
 ocsprequest_free(ocsp_data);
 ocsp_data = NULL;
 }
 EVP_PKEY_free(key); - if (objset) X509_OBJECT_free_contents(&obj);
+ if (ret != 0)
+ if (ret != CANL_OCSPRESULT_ERROR_NOAIAOCSPURI)
+ ok = 0;
+
 return(ok);
 fail_verify:
--
1.8.2.3
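Review bot: In the `@@ -2196,6 +2196,7 @@` hunk of sslutils.c, `ret = 0;` is assigned before `if (ocsp_data) {`, so a failed `ocsprequest_init(&ocsp_data)` that leaves `ocsp_data` NULL skips the OCSP query and still reaches the later `ret != 0` test as a success. The revocation check then passes silently on allocation failure. If that soft-fail is not intended, give the `if (ocsp_data)` block an `else ok = 0;` branch (its closing brace is in the following hunk). Otherwise state the policy at the assignment, e.g. `/* ret stays 0 when the OCSP request cannot be allocated: certificate is accepted unchecked */`. The body of proxy_verify_callback starts and ends outside this hunk.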
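Review bot: In the `@@ -2210,17 +2211,20 @@` hunk, the added `if (ret != 0) if (ret != CANL_OCSPRESULT_ERROR_NOAIAOCSPURI) ok = 0;` rejects the certificate without recording a verification error, and the brace-less nesting is easy to break when a branch is added later. Assuming `ctx` is the X509_STORE_CTX of the verify callback (the hunk only shows `ctx->current_cert` and `ctx->chain`), callers that inspect the verify result may see a stale or OK code. Prefer `if (ret != 0 && ret != CANL_OCSPRESULT_ERROR_NOAIAOCSPURI) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); ok = 0; }`. The exemption for certificates without an OCSP URI is only explained in the commit message; add `/* TODO: a missing AIA OCSP URI is accepted for now, so no revocation check happens for such certificates */` at the test. Please also confirm that `if (objset) X509_OBJECT_free_contents(&obj);` is still on the new side; if it was removed, the contents of `obj` are no longer released before `return(ok);`.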