feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4456 from dgarske/zd13032

Browse Source 
Fix to not try OCSP or CRL checks if there is already an error
This commit is contained in:
Sean Parkinson
2021-10-11 08:20:58 +10:00
committed by GitHub
parent f757318eeb 668f8700a4
commit 511c74ea52
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/internal.c
View File

@ -12355,7 +12355,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{ {
if (args->count > 0) { if (args->count > 0) {
#if defined(HAVE_OCSP) || defined(HAVE_CRL) #if defined(HAVE_OCSP) || defined(HAVE_CRL)
if (args->fatal == 0) { /* only attempt to check OCSP or CRL if not previous error such
* as ASN_BEFORE_DATE_E or ASN_AFTER_DATE_E */
if (args->fatal == 0 && ret == 0) {
int doLookup = 1; int doLookup = 1;
if (ssl->options.side == WOLFSSL_CLIENT_END) { if (ssl->options.side == WOLFSSL_CLIENT_END) {