From c6e7ea685ed13e4841305615cb3f161fd8c2db04 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 14 Mar 2023 18:09:45 -0400
Subject: [PATCH 1/4] Add in CERT_UNKNOWN detection
---
 src/ocsp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/ocsp.c b/src/ocsp.c
index 69be0534b..6a393b8f7 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -395,7 +395,11 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
 end:
 if (ret == 0 && validated == 1) {
 WOLFSSL_MSG("New OcspResponse validated");
- } else if (ret != OCSP_CERT_REVOKED) {
+ } else if ((ret == ocsp->error) && (ocspResponse->single->status->status == CERT_UNKNOWN)) {
+ WOLFSSL_MSG("OCSP unknown");
+ ret = OCSP_CERT_UNKNOWN;
+ } else if ((ret != OCSP_CERT_REVOKED) && (ret != ocsp->error)) {
+ WOLFSSL_MSG("OCSP lookup failure");
 ret = OCSP_LOOKUP_FAIL;
 }
From 1967375ea51dad718c06906371e039af166f3ca5 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 14 Mar 2023 18:11:00 -0400
Subject: [PATCH 2/4] Pass up the error
---
 src/ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ocsp.c b/src/ocsp.c
index 6a393b8f7..5e4521a5b 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -467,7 +467,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 return ret;
 }
 WOLFSSL_LEAVE("CheckOcspRequest", ocsp->error);
- return OCSP_LOOKUP_FAIL;
+ return ocsp->error;
 }
 #endif
From 682354628b3091e7390d7b24c5b17b0819c995ae Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 15 Mar 2023 09:58:39 -0400
Subject: [PATCH 3/4] Better return value
---
 src/ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ocsp.c b/src/ocsp.c
index 5e4521a5b..6ab0103fd 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -467,7 +467,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 return ret;
 }
 WOLFSSL_LEAVE("CheckOcspRequest", ocsp->error);
- return ocsp->error;
+ return ret;
 }
 #endif
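Review bot: In [PATCH 1/4], the new `CERT_UNKNOWN` branch under `end:` reads `ocspResponse->single->status->status` with no visible check that the response was validated or that `single` and `status` are non-NULL on every path that jumps to this label. Its only precondition is `ret == ocsp->error`, which also holds when both are 0 while `validated` is still 0, so the status could come from a response that was parsed but never accepted; whether that can occur depends on code outside the hunk. Consider making the precondition explicit, for example `(ret != 0) && (ret == ocsp->error) && (ocspResponse->single != NULL) && (ocspResponse->single->status != NULL) &&` ahead of the status comparison, or add a comment naming where these pointers are guaranteed to be set. CheckOcspResponse starts and ends outside the hunk.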
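Review bot: The failure tail of CheckOcspRequest is no longer guaranteed to return a failure code: [PATCH 2/4] returns `ocsp->error` and [PATCH 3/4] returns `ret` where the old code returned the constant `OCSP_LOOKUP_FAIL`, and nothing in either hunk shows that value is non-zero on this path. If the tail can be reached with a zero value, a failed OCSP check would be reported to the caller as success, so keep the path fail-closed with `return (ret != 0) ? ret : OCSP_LOOKUP_FAIL;`. After 3/4 the trace line still logs `ocsp->error` while the function returns `ret`; `WOLFSSL_LEAVE("CheckOcspRequest", ret);` would keep the log and the result in agreement. The function body begins outside both hunks.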
From 69024d121fe9a7fed69296e820512594b063d387 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 15 Mar 2023 10:16:34 -0400
Subject: [PATCH 4/4] Revert change
---
 src/ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ocsp.c b/src/ocsp.c
index 6ab0103fd..d3954a68b 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -398,7 +398,7 @@ end:
 } else if ((ret == ocsp->error) && (ocspResponse->single->status->status == CERT_UNKNOWN)) {
 WOLFSSL_MSG("OCSP unknown");
 ret = OCSP_CERT_UNKNOWN;
- } else if ((ret != OCSP_CERT_REVOKED) && (ret != ocsp->error)) {
+ } else if (ret != OCSP_CERT_REVOKED) {
 WOLFSSL_MSG("OCSP lookup failure");
 ret = OCSP_LOOKUP_FAIL;
 }
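Review bot: The restored `} else if (ret != OCSP_CERT_REVOKED) {` branch has no comment saying it must stay a catch-all, and the commit message "Revert change" does not record why the `ocsp->error` clause was dropped. With the 1/4 form `(ret != OCSP_CERT_REVOKED) && (ret != ocsp->error)`, any `ret` equal to `ocsp->error` left the function unmapped, which includes `ret == 0` with `validated` not set. A comment above the branch would keep it from being narrowed again: `/* Fail closed: every outcome except validated, unknown and revoked becomes OCSP_LOOKUP_FAIL. */`. The enclosing function starts and ends outside the hunk.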